Certificates 1.4

Question 1

A […] binds a public key with a digital signature

Kinda like a ID card for someone

Answer 1

Digital Certificate

Question 2

[…] is the standard format for a digital certificate

Answer 2

X.509

Question 3

The […] is an inherently trusted component.

• HSM
• Secure Enclave
• Certificate Authority

Answer 3

Root of Trust

Question 4

If you can trust the […], you can trust the website, as it has digitally signed the website certificate.

Usually built into the browser.

Answer 4

Certificate Authority

Question 5

You might use a […] when your company and it’s users will be the only one using it

“No need to purchase trust for devices that already trust you”

Answer 5

Self Signed Certificate

Question 6

A wildcard certificate, or […], allows a certificate to support many different sub domains.

As long as a device is associated with that domain name, the certificate will be valid

Ex:
Google.com
Mail.Google.com
Finance.Google.com

Answer 6

Subject Alternating Name (SAN)

Question 7

The […], maintained by the Certificate Authority, is a list of the certificates that have been revoked.

Answer 7

Certification Revocation List

Question 8

[…] allows a website to supply its validation of its certificate directly to your browser, instead of contacting a 3rd party CA.

The website will periodically fetches a validation response from the CA and attaches it to its SSL/TLS certificate

Answer 8

OCSP Stapling

(Online Certificate Status Protocol)