Public Key Infrastructure (PKI) is a vital management tool for the use of asymmetric cryptography and digital certificates. A PKI involves components (e.g., Certification Authority, Intermediate Certificate, Certificate Revocation List, and so on), PKI concepts (e.g., Stapling, Pinning, Trust Models, and so forth), certificate types (e.g., Wildcards, SAN, Code Signing, Email, Root, and more), and certificate formats (e.g., DER, PEM, PFX, P12, etc.). The following sections elaborate on these concepts in greater detail.
Security+ aspirants must be mindful of the following important PKI components.
Certificate Authority (CA):
A Certificate Authority (CA) is the trusted third-party agency that issues digital certificates for verifying entities on the internet. Examples of the best certification authorities today include Symantec, VeriSign, GeoTrust, Comodo, and DigiCert. A CA can be either external to the company, such as a commercial CA that charges for its service, or internal to the company, one that provides the service to its own workforce.
Generally, a CA is responsible for the following duties:
Intermediate CA:
An Intermediate CA is a subordinate Certificate Authority issued by the trusted Root to sign digital keys. Intermediate CAs help the Root CA in distributing the workload of issuing and verifying the certificates.
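The Root-to-Intermediate relationship described above can be reproduced with the OpenSSL command line. This is an added example, not part of the original post: it builds a throwaway Root CA, Intermediate CA and leaf certificate, then shows that the leaf validates only when the intermediate is supplied alongside the trusted root. All names (`Demo Root CA`, `Demo Intermediate CA`, `www.example.test`), file names and the `pki.cnf` profiles are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: Root CA -> Intermediate CA -> leaf, in a temp directory.
PKI_DIR=$(mktemp -d)

# Minimal OpenSSL config: one extension profile for CAs, one for end entities.
cat > "$PKI_DIR/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF

# new_csr NAME CN: create a private key and a certificate signing request.
new_csr() {
  openssl req -new -config "$PKI_DIR/pki.cnf" -newkey rsa:2048 -nodes \
    -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" -subj "/CN=$2" 2>/dev/null
}

# issue NAME ISSUER PROFILE: ISSUER signs NAME's request with the given profile.
issue() {
  openssl x509 -req -in "$PKI_DIR/$1.csr" -days 30 \
    -CA "$PKI_DIR/$2.crt" -CAkey "$PKI_DIR/$2.key" -CAcreateserial \
    -extfile "$PKI_DIR/pki.cnf" -extensions "$3" -out "$PKI_DIR/$1.crt" 2>/dev/null
}

build_chain() {
  # The root is self-signed; everything below it is signed by its parent.
  openssl req -x509 -config "$PKI_DIR/pki.cnf" -extensions v3_ca -days 30 \
    -newkey rsa:2048 -nodes -keyout "$PKI_DIR/root.key" \
    -out "$PKI_DIR/root.crt" -subj "/CN=Demo Root CA" 2>/dev/null &&
  new_csr intermediate "Demo Intermediate CA" && issue intermediate root v3_ca &&
  new_csr leaf "www.example.test" && issue leaf intermediate v3_leaf
}

# verify_leaf [ARGS]: validate the leaf while trusting only the root certificate.
verify_leaf() {
  openssl verify -CAfile "$PKI_DIR/root.crt" "$@" "$PKI_DIR/leaf.crt" >/dev/null 2>&1
}

build_chain || { echo "chain build failed" >&2; exit 1; }
verify_leaf -untrusted "$PKI_DIR/intermediate.crt" &&
  echo "root + intermediate supplied: leaf verifies"
verify_leaf || echo "intermediate missing: leaf does not chain to the root"
```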
Certificate Revocation List (CRL):
A CRL is a list of the serial numbers of digital certificates whose current status has been revoked. Various Certification Authorities maintain an online CRL that can be queried by entering a certificate serial number. Additionally, a local (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/2armHCFNQo4/