Chapter 29: Public Key Infrastructure (PKI)
Components
RA
CA
Third-party trust model
Certificate Authority
Intermediate CA
Revocation
CRL
OCSP
Suspension
CSR
X.509: the Certificate Standard
Version Number (usually 1)
Subject (the certificate owner)
Public Key (the whole point)
Issuer (the CA, like Verisign)
Serial Number
Validity: To and From Dates
Certificate Usage (signing, email, encryption)
Signature Algorithms (the hashing and digital signature algos used)
Extension (custom data)
Public Key
Private Key
OID
Online and Offline CAs
Stapling
Pinning
Trust Models
Key Escrow
Certificate Chaining
Types of Certs
End-entity certs
CA certs
Cross-certification certs
Policy certs
Wildcard certs
Code-signing certs
Self-signed certs
Machine / Computer
User
Root
Domain validation
Extended validation
Certificate Formats
.der
.pem
.cer / .crt
.key
.pfx
.p12
.p7b