Hello and welcome back to the Cybrary 2019 CompTIA Security+ certification preparation course.
We're going to continue on with our discussion of module number six, which is, in fact, domain six, and the topic of discussion will be cryptography and PKI.
Surprisingly enough, we have our very last learning objective for this particular course, which is 6.4: given a scenario, implement public key infrastructure.
Here again are the topics which we're going to highlight during this particular presentation, ranging from the various components
all the way down to the very last one, which is called object identifier.
At this point in time, we have our pre-assessment quiz. What you need to determine here is whether the statement is either a true statement or, in fact, a false statement, and it reads as follows.
An X.509 certificate is a digital certificate used to verify that a public key belongs to a particular entity, in other words, a user, computer or service. Is that true or false?
If you selected true, you're absolutely correct.
Turning our attention toward a discussion of the components in regards to the public key infrastructure, we want to point out here that the public key infrastructure is a system designed to manage the creation, distribution, identification, and revocation of your public keys.
Some components are required, such as your CA; others are optional, such as your OCSP.
So let's take a look at some of the components of the PKI.
First of all, we have our certification authority. Basically, it is a trusted entity that issues the digital certificates based upon the X.509 standard.
Also, [inaudible] is a variation of the CA, the certification authority, in that it performs the day-to-day work of signing certificates and updates revocation information of certificates as well.
Then we have the CRL, which is used to verify the authenticity of certificates and identify revoked certificates.
A certificate revocation list, or CRL, is a list of digital certificates that have been revoked by the issuing CA, the certificate authority, and should no longer be trusted.
Then we have your Online Certificate Status Protocol. Basically, it's used to verify the authenticity of certificates and identify revoked certificates.
It provides a request/response mechanism for clients to obtain the revocation status of a digital certificate.
Then we have our CSR, which is a certificate signing request, which is a specifically formatted message sent from an applicant to a CA, in other words, a certification authority, for the purpose of requesting a digital certificate.
Components we need to understand: what's called a certificate.
An X.509 certificate is a digital certificate used to verify that a public key belongs to a particular entity, in other words, a user, computer or service.
A public key is used by a sender to encrypt a message using the recipient's public key.
A private key is used by the recipient to decrypt the message that was encrypted using the public key.
Then we have the object identifier, which is used to name almost every object type in the X.509 certificate, in other words, components of distinguished names or CPSs as well.
Let's continue our discussion of this particular very last learning objective in this particular course:
given a scenario, implement public key infrastructure.
We're going to continue on by taking a look at some different concepts,
in terms of online versus offline CA,
and last, but certainly not least, certificate chaining.
This brings us to some concepts. When we look at online versus offline CA, an offline CA, in its purest sense, is one with no network connection,
and an online CA, or certificate authority, in its purest sense, is one with a network connection.
Continue on by taking a look at some different concepts.
Stapling: basically, OCSP stapling is a standard for checking the revocation status of your X.509 digital certificates.
Pinning is a security mechanism that helps websites prevent impersonation by attackers using fraudulent digital certificates.
The trust model: a PKI, in this case, relies on the hierarchical trust model that assigns to a third party the responsibility of establishing a trust relationship between two parties.
Key escrow is a key exchange process in which a key is used to decrypt data
that's held in escrow or stored by a third party.
Certificate chaining: digital certificates are verified using certificate chaining, which is an ordered list of certificates in a hierarchy.
Getting to our discussion of this very last objective in this particular course, 6.4, given a scenario, implement public key infrastructure, we're going to take a look at the types of certificates, ranging from a wildcard all the way down to extended validation.
Now, a digital certificate is an electronic and secure password that allows a person or organization to exchange data securely over the Internet utilizing PKI, in other words, public key infrastructure.
When we look at a wildcard, it's a digital certificate that is used with a domain and all
the corresponding subdomains.
You have a subject alternative name, or SAN; it allows additional subject names to be associated with a digital certificate.
Code signing is a digital certificate used to confirm the software
author and ensure that the code has not been somehow altered.
Self-signed is a digital certificate that is signed using its own [inaudible].
Machine/computer is a digital certificate that is assigned to a machine or a computer.
Continuing our discussion of the different types of certificates, we have email:
securing email using digital certificates ensures the confidentiality and integrity of the message between parties.
User is a certificate assigned to a user; it is required to allow users to sign or encrypt email.
A root certificate is the topmost certificate assigned to a root certificate authority;
it is also the most important certificate in your PKI.
Domain validated certificate is a digital certificate in which the domain name of the applicant has been validated by proving, in other words, proven ownership of the DNS, or domain name services, domain.
Extended validation is a certificate which is similar to the domain validated certificate, but with more stringent verification, of course, of the entity's identity by a CA.
Continuing with our discussion, obviously taking a look at 6.4, given a scenario, implement public key infrastructure, we're going to take a look at some different types of certificate formats.
Therefore, certificate formats: once you've got certificate files, checking the file extension will allow you to know what's in the file and which file best fits your needs. Some of these extensions are also used for other data, such as public keys.
It's a certificate assigned to a user, required to allow users to sign or
A root certificate is the topmost certificate assigned to the root CA; it's also the most important certificate in your PKI.
Then we have what we call Distinguished Encoding Rules. Basically, it is a binary encoded certificate.
Then we have the Privacy Enhanced Electronic Mail, or PEM,
which is a variation of the DER type certificate.
CER is a file extension for your certificate files.
Then we have our P7B, which is the Public Key Cryptography Standard
certificate. It contains only certificates or certificate chain certificates, but not the private key.
Then we have what we call our
PFX, which is binary encoded. The PFX certificate stores the server certificate, intermediate certificates and private keys in an encrypted file.
PFX certificates commonly use what we call the .pfx file extension, in other words, file name extension.
Then we have the P12. It contains certificates and password-protected private keys. It is the successor of the PFX certificate and commonly uses the .p12 file name extension.
At this point in time, we have our post-assessment quiz,
and it reads as follows: a private key is used by the recipient to decrypt a message that was encrypted using the public key. Is this true or false?
If you said that it's true, you're absolutely correct.
Let's now turn our attention toward the key takeaways from this very last objective in this course. We know that the digital certificate is an electronic and secure password that allows a person
or organization to exchange data securely over the Internet utilizing PKI.
We learned that digital certificates are verified using certificate chaining, which is an ordered list of certificates in a hierarchy.
We learned that a wildcard is a digital certificate that is used with a domain and all corresponding domains.
We know that a key escrow is a key exchange process in which a key used to encrypt, in other words, decrypt, data is held in escrow or stored by a third party.
At this point in time, we've reached the very end of this particular course, again, this Cybrary 2019
CompTIA Security+ certification course. And again, I want to thank you very much for your attention to detail during this particular course, and I look forward to seeing you in future training presentations.