CertiGuide to Security+ - Certificate Authorities (CAs)

WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like this CertiGuide? Get it in PDF format!

Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!

Get It Here!

CertiGuide to Security+
9 Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)
      9 4.3  PKI (Public Key Infrastructure)
           9 4.3.1  Certificates

4.3.1 Certificates

4.3.1.1 Certificate Policies

Certificate Authorities (CAs)

A Certificate Authority is the digital world’s version of a notary public. A Certificate Authority (or CA) is a trusted third party (hopefully a responsible one) that verifies the legitimacy of the public/private key pair as really belonging to the individual in question. They use a variety of techniques, such as verifying one’s email address. You can request a digital certificate from a prominent CA such as VeriSign or Thawte, or (if you only need one for internal testing and don’t need strong validity for production use) generate one yourself using a variety of development tools.

A huge list of CA’s can be found at http://www.pki-page.org. Be aware that the cost for obtaining a digital certificate varies greatly on the source CA you choose, and the use to which you intend to put the certificate (certificates used by those who engage in high-value transactions normally undergo a more rigorous identity-verification process, and thus cost more).

Certificate Authority

A Certificate Authority is a trusted third party that verifies the legitimacy of the public/private key pair as belonging to the individual named in the certificate.

A Certificate Authority is a digital version of a notary public.

Some public Certificate Authorities (CA’s) are specifically authorized or approved by governmental entities, such as the Utah and California state governments.

Not all Certificate Authorities are public. Some organizations may opt to create an internal Certificate Authority for purposes of issuing internal digital certificates to staff.

A Certificate Authority:

Creates and distributes Public/Private keys.
Publishes public keys in open directories.
Secures private keys.
Provides revocation in the event a private key is compromised.
Verifies to users that a subscriber’s certificate is currently valid (has not expired or been revoked)
Acts as a digital notary for the holders of public/private keys.
Has a Registration Authority that is typically publicly available (subject to DoS attacks).

4.3.1 Certificates

4.3.1.1 Certificate Policies

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!

Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.