Module 06
Managing Certificates
Install a CA Hierarchy
Enroll Certificates
Secure Network Traffic by Using Certificates
Renew Certificates
Back Up and Restore Certificates and Private Keys
Revoke Certificates
[Diagram labels: CA; Issues certificate; Presents certificate; Validates and accepts certificate; CA issuing user certificates]
Digital certificates
Certificate authorities
Registration authority
Certificate repository database
Certificate management system
Certificate signing request
[Diagram labels: Parent, Child; Self-signed certificate; Root CA; Subordinate CA; Manage certificates]
Tight security allows individuals to have differing levels of access to the same resources.
The subordinate CAs are designated by the security required to obtain a certificate. Some CAs may be set up to issue a certificate with a network ID and password; other CAs may require a person to present a valid driver's license.
6 Entity notified
2. Response: The server responds by sending its digital certificate and public key to the client.
5. Communication: The session key then becomes the key used in the conversation.
Key escrow:
One or more escrow agents can restore
Key backup:
Restore from backup media
1. Recover key
2. Decrypt data
3. Destroy original key
4. Obtain new key pair
5. Encrypt data with new key
Revoked certificate
Contents of CRL
Alternative to CRL
HTTP-based
Checks specific certificate based on request
Sends response with certificate’s status
Lower overhead than CRL
Lacks encryption