3.5 Given a business requirement, implement the appropriate PKI solution.

PKI hierarchy

 Certificate authority (CA)

 Subordinate/intermediate CA

 Registration authority (RA)

Certificate types

 Wildcard certificate

 Extended validation

 Multidomain

 General purpose

Certificate usages/profiles/templates

 Client authentication

 Server authentication

 Digital signatures

 Code signing

Extensions

 Common name (CN)

 Subject alternate name (SAN)

Trusted providers

Trust model

Cross-certification

Configure profiles

Life-cycle management

Public and private keys

Digital signature

Certificate pinning

Certificate stapling

Certificate signing requests (CSRs)

Online Certificate Status Protocol (OCSP) vs. certificate revocation list (CRL)

HTTP Strict Transport Security (HSTS)