Certificates Flashcards
Digitally-signed electronic documents that bind a public key with a user’s identity
Certificates
Standard used in PKI for digital certificates that contains the owner/user’s information and the certificate authority’s information
X.509
Allow all of the subdomains to use the same public key certificate and have it displayed as valid
Wildcard Certificates
Allows a certificate owner to specify additional domains and IP addresses to be supported
Subject Alternative Name (SAN)
The original ruleset governing the encoding of data structures for certificates where several different encoding types can be utilized
Basic Encoding Rules (BER)
A restricted version of the BER that allows the use of only one encoding type
Canonical Encoding Rules (CER)
Restricted version of the BER which allows one encoding type and has more restrictive rules for length, character strings, and how elements of a digital certificate are stored in X.509
Distinguished Encoding Rules (DER)
Used to verify information about a user prior to requesting that a certificate authority issue the certificate
Registration Authority
The entity that issues certificates to a user
Certificate Authority
An online list of digital certificates that the certificate authority has revoked
Certificate Revocation List (CRL)
A protocol that allows you to determine the revocation status of a digital certificate using its serial number
Online Certificate Status Protocol (OCSP)
Allows the certificate holder to get the OCSP record from the server at regular intervals and include it as part of the SSL or TLS handshake
OCSP Stapling
Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public keys to the user’s web browser as part of the HTTP header
Public Key Pinning
Occurs when a secure copy of a user’s private key is held in case the user accidentally loses their key
Key Escrow
A specialized type of software that allows the restoration of a lost or corrupted key to be performed
Key Recovery Agent