Public Key Infrastructure (CAoE)

The Basics I

The Basics II

Certificate Types I

Certificate Types II

Certificate Concepts

100

framework that helps establish trust in public key cryptography

Public Key Infrastructure

100

uses public key cryptography to sign and encrypt messages

digital certificates

100

This is the first certificate that a Certificate Authority creates.

Root certificate

100

These are certificates that have not been validated or signed by a CA.

Self-signed certificates

100

This is no longer valid and cannot be reinstated.

revoked certificate

200

This aims to prove that the owners of public keys are who they say they are

Public key infrastructure (PKI)

200

This solves the problem of distributing encryption keys when you want to communicate securely

Public key cryptography

200

These certificates go through a different validation
process, which varies depending on the certificate and organization.

Self-signed certificates

200

Secure, encrypted emails are sent using the S/MIME Protocol.

Email certificate

200

This defines how users and different CAs can trust one another.

root of trust model

300

The certificate's validity is guaranteed by a ______

certificate authority (CA)

300

When you want others to send you confidential messages, you give them your ______

public key

300

These allow an organization to cover multiple domains with one certificate.

Subject Alternative Name (SAN) certificate

300

These are used in a network environment to identify and validate specific users or computers.

User and computer certificates

300

In this model, the root CA issues certificates to one or more intermediate CAs.

hierarchical model

400

This can use private or third-party CAs

PKI

400

When you want to authenticate yourself to others, you sign a _____ of your message

Hash

400

These are similar to SAN certificates. But instead of covering multiple domains, the organization can cover one domain and multiple subdomains.

Wildcard certificates

400

This is the process by which end users create an account with the CA and become authorized to request certificates.

Registration

400

To ensure data and email can always be recovered, you should create a backup of this.

the private keys

500

This is a public assertion of identity validated by a certificate authority (CA)

digital certificate

500

The email message can then only be decrypted by your _____ _____.

private key

500

These are used by app developers to prove their application is legitimate.

Code-signing certificates

500

These is a file containing the information the subject wants to use in the certificate, including its public key.

certificate signing request (CSR)

500

To mitigate private or secret key loss or damage, _____ _____ and quorum of persons controls can be used to mitigate.

Key escrow