Certificate Management

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Key escrow

A method in dealing with key escrow involves the storage of key information with a 3rd party, referred to as a key escrow agency

How are certificates revoked?

Certificate revocation is handled either through a Certificate Revocation List (CRL) or by using the Online Certificate Status Protocol (OCSP)

CSR

Certificate signing Request

Can certificates be suspended?

Certificates can be suspended Ensures the key is unusable for a period of time Suspend rather than expire certificates to make them temporarily invalid

key recovery

Information that is stored using older keys will be inaccessile using new key Key recovery allows you to acces ifnormation that is encrypted with older keys.

Explain CA

Manage certificate store: - creates, signs, distributes, stores and/or revokes keys Authenticates the certificates it issues by signing them with their asymmetric private key CA server architecture is typically deployed within a Singe Aurity trust model or Hierarchical trust model

Explain RA

Middleman between subscribers and CA Can distribute keys, accept registrations for the CA, and validate identities Does NOT issue certificates on their own

Explain CSR

The formal request sent fro a client to a CA asking for a certificate to be generated. CSR includes: - public key to be signed - distinguished name - business name - email address - location information

Certificate Renewal

Unexpired certificates can be renewed close to the end of expiring certificate's lifetime Allows teh same certificate to be used past the original expiration time Not a good practice

What is the standard PKI is based on?

X.509 Standard

recovery agent

someone wtih the organization with authroity to remove keys from a repository

Explain certificate revocation

the process of revoking a certificate before it expires Reasons for revocation: - key theft - key loss - illegal activity - significant changes in the organization ****Not revoked due to normal expiration!!!

RA

Registration Authority

What is included in a Digital Certificate?

- The owner of the certificate (subject) - The subject's public key - The certificate issuer's name (CA) - The certificate issuer's digital signature (CA's Digital Signature) - Periodicty: Validd from when to when - Serial Number - Certificate policy

Root CA

A trusted root CA is a CA server that creates its own keys and digitally signs its own keys. It also creates and signs keys for Intermediate CA servers. Intermediate CA server - creates keys for the local leaf objects

Explain PKI

A two-key, asymmetric system with 4 key components: o Certificate Authority - CA o Registration Authority - RA o RSA o Digital ceritificates Follows X.509 standard A framework for creating, managing, issuing, distributing, and storing asymmetric private keys and X.509 Digital Certificates

CA

Certificate Authority

CRL

Certificate Revocation List A list housed by the CA that indetifies revoked certificates. .crl file can be reviewed manually or queried using OCSP Expired certificates are NOT on the CRL

Certificate Destruction

Establish policies for destroying old keys when a key or certificate is no longer useful When destroyed, notify the CA so the CRL and OCSP servers can be updated Deregistration should occur when a key is destroyed, especially if the key owner no longer exists

Certificate expiration

If a certificate expires, a new certificate must be issued Expired certificates are NOT added to the CRL

OCSP

Online Certificate Status Protocol Allows for online checking of certificate validity, by sending request to a website containing information on valid certificates. Checks for revoked certificates Queries a CA or RA that maintains a list of expired certificates Server sends a response with a status of: - Valid - Suspended - Revoked

PKI

Public Key Infrastructure

M of N control

To ensure that no single individual could compromise the security system Requries 2 or more recovery agents There msut be multiple key escrow recovery agents (N) in any givien environment Min number of agents (M) must work together to recover a key


Ensembles d'études connexes

Chapter 8 personal finance Mr. Cook

View Set

MID-TERM FINANCIAL INSTITUTIUON CH. 4

View Set

Ch 11 Course Point Patho taken from http://thepoint.lww.com/Book/Show

View Set

Domain I - Health & Fitness Assessment

View Set

Nclex Review: Depression, Depression NCLEX, Bipolar Disorder NCLEX, Schizophrenia NCLEX Questions, Schizophrenia NCLEX questions, Schizophrenia NCLEX part 2, NCLEX Schizophrenia

View Set

CCNA CISCO 1 Practice Final Exam (Partial)

View Set

Chapter 15: Assessing Head and Neck

View Set

Principles of Finance - Chapter 19 and Smartbook

View Set

Chapter 6: Disorders of the Breasts

View Set

TCI: History Alive: The Ancient World: Chapter 25

View Set

AP Geography: Where is Industry Distributed?

View Set

How the Brain Processes Visual Information

View Set