9.8 Public Key Infrastructure (PKI)
Subordinate CA
A CA that functions within the hierarchy in a parent-child relationship with the root CA or another subordinate CA and is responsible for issuing certificates, holding the Certificate Practice Statement (CPS), and publishing the Certificate Revocation List (CRL).
Certificate Practice Statement (CPS)
A declaration of the security that the organization is implementing for all certificates issued by the CA holding the CPS.
What is a PKI?
A hierarchy of computers for issuing certificates
Public Key Infrastructure (PKI)
A hierarchy of computers that issues and manages certificates.
Certificate Revocation List (CRL)
A list of certificates that have been previously revoked that resides at the CA.
Online Certificate Status Protocol (OCSP)
A protocol used for checking the status of an individual digital certificate to verify if it is good or has been revoked.
Cryptographic Service Provider (CSP)
A software library that resides on the client and generates key pairs.
Enrollment agent
A user who is authorized to request certificates for other users.
Registration Authority (RA)
An authority that verifies user requests for digital certificates and requests the certificates from the CA.
Digital Certificate
An electronic document that uses a digital signature to bind a public key with an identity.
Certificate Authority (CA)
An entity trusted to issue, store, and revoke digital certificates.
A PKI is an implementation for managing which type of encryption?
Asymmetric
Which of the following conditions does NOT result in a certificate being added to the certificate revocation list?
Certificate expiration
When is the best time to apply for a certificate renewal?
Near the end of the certificate's valid lifetime
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?
Online Certificate Status Protocol
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?
Recovery agent
Which of the following is an entity that accepts and validates information contained within a request for a certificate?
Registration authority
An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?
The CA's public key must validate the CA's digital signature on the server certificate.
Which action is taken when the private key associated with a digital certificate becomes compromised?
The certificate is revoked and added to the Certificate Revocation List.
Certificate revocation should occur under all but which of the following conditions?
The certificate owner has held the certificate beyond the established lifetime timer.
X.509
The official standard of ITU Telecommunication Standardization Sector (ITU-T) that identifies the format for public key certificates and certification path validation.
Pinning
The process of associating a host with its expected certificate.
How many keys are used with Public key cryptography?
Two
Which of the following items are contained in a digital certificate? (select two)
Validity period; Public key
Which standard is most widely used for certificates?
X.509
Which aspect of a certificate makes it a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet?
It is a trusted third-party
To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where?
Identifying data and a certification request to the registration authority (RA).