Security+ Domain 5.0: Risk Management: Chapter 29

Chapter 29: Public Key Infrastructure (PKI)

Components

RA

CA

Third-party trust model

Certificate Authority

Intermediate CA

Revocation

CRL

OCSP

Suspension

CSR

X.509: the Certificate Standard

Version Number (usually 1)

Subject (the certificate owner)

Public Key (the whole point)

Issuer (the CA, like Verisign)

Serial Number

Validity: To and From Dates

Certificate Usage (signing, email, encryption)

Signature Algorithms (the hashing and digital signature algorithms used)

Extension (custom data)

Public Key

Private Key

OID

Online and Offline CAs

Stapling

Pinning

Trust Models

Key Escrow

Certificate Chaining

Types of Certs

End-entity certs

CA certs

Cross-certification certs

Policy certs

Wildcard certs

Code-signing certs

Self-signed certs

Machine / Computer

Email

User

Root

Domain validation

Extended validation

Certificate Formats

.der

.pem

.cer / .crt

.key

.pfx

.p12

.p7b