7.5.4 Certificate Types Facts Flashcards
Root Certificate
A root certificate is the first certificate that a Certificate Authority creates. Root certificates are:
Self-signed certificates. These certificates go through a different validation process, which varies depending on the certificate and organization.
Used to sign lower-level certificates such as intermediate certificates.
Subject Alternative Name (SAN)
SAN certificates allow an organization to cover multiple domains with one certificate. For example, TestOut could cover the following domains in a single SAN certificate:
TestOut.com
TestOut.net
LabSim.com
Wildcard Certificate
Wildcard certificates are similar to SAN certificates, but instead of covering multiple domains, the organization can cover one domain and multiple subdomains. For example, TestOut could cover the following in one certificate:
quiz.testout.com
labs.testout.com
videos.testout.com
Code Signing Certificate
Code-signing certificates are used by app developers to prove that their application is legitimate.
If a user tries to run an app that does not have a certificate, they will receive an error stating that the app cannot be trusted. The user can decide to close the app or run it.
Self-Signed Certificate
Self-signed certificates are certificates that have not been validated or signed by a CA.
Self-signed certificates are easy and free to make.
Self-signed certificates do not provide the same protection and security as a CA-validated certificate.
When a user visits a website using a self-signed certificate, they see a warning that the certificate is not trusted.
Email Certificate
Secure, encrypted emails are sent using the S/MIME protocol.
Senders need to know the recipient’s public key when sending a secure email. The public key is found in email certificates.
Email certificates are mainly used in an organization that uses its own CA. But some public CAs provide email certificates as well.
User and Computer Certificate
User and computer certificates are used in a network environment to identify and validate specific users or computers.
When a user or computer logs in to a network, their certificate is sent to the server for validation. This provides extra security to the network.