Live Virtual Machine Lab 7.2: Module 07 Implementing a Public Key Infrastructure
Which type of certificate file format contains private and public keys and is protected by a password?
Personal information exchange (PFX) Note: Personal information exchange (PFX) file format is used for the authentication of Websites and applications. This type of certificate contains both the private as well as the public keys. A password also protects it. Privacy enhanced mail (PEM) format is used to encrypt Email messages and to ensure confidentiality and integrity. A PEM-encoded CRT file is equivalent to a PEM encoded CER file. A CER extension indicates a Microsoft version of a CRT certificate file. The P12 format is based on the standards defined by RSA Corporation. It also contains both the keys, public and private.
Which of the following entity in the certificate authority (CA) hierarchy validates the certificate request from a client?
Registration Authority (RA) Note: When a client requests a certificate, Registration Authority (RA) validates the request. If the validation is successful, then the RA confirms to the CA that a certificate can be issued based on the client's request. It is important to note that the RA never issues a certificate to the client. It only validates and sends the request to the CA. The hierarchy begins with a Root CA at the top and with one or more intermediate CA levels below it. In a simple model, an intermediate CA is trusted by the authority granted to it by a Root CA. A large enterprise can create its own Root CA, which can delegate signing authority to intermediate CA servers. There is a root CA, then the intermediate, and then you can also have the leaf CA, which is at the bottom of the hierarchy. The entire hierarchy shares the root CA certificate and the public keys.
Which of the following certificates should you use with a Web server for testing purposes?
Self-Signed Note: When developers write the code for an application, they need to protect the code. The developers can use digital certificates and sign the code. A self-signed certificate is an individual certificate and does not have a certificate authority to work with. There are several network devices and applications that use self-signed certificates. A wildcard certificate is assigned to a domain name. All its sub-domains can use the same certificate. A Subject Alternative Name (SAN) digital certificate is more commonly known as a UCC certificate - Unified Communications Certificate. A UCC certificate is used with unified communication applications, such as Microsoft Exchange Server.
A root CA should always be kept online. [TRUE/FALSE]
FALSE Note: A CA can be kept online or offline depending on its role and how frequently it needs to sign a certificate. However, a root CA should always be kept offline. You would not need a root CA to sign certificates regularly. The term offline means that the CA is not actively generating certificates and is of the network either in the shutdown state or just not connected.
Before a user requests a certificate from a CA, which of the following tasks must be completed?
Generate private and public keys Note: When a user requests a certificate from a CA, the request goes in the form of a CSR, which contains the RSA-based public key. The CSR also contains the required information for the certificate. Therefore, the user must first generate private and public keys. When a CSR is sent, the public key is sent in it. The CA takes the public key and embeds it into the certificate that it is issuing to you.
