Time
33 hours 23 minutes
Difficulty
Beginner
CEU/CPE
33

Video Transcription

00:00
Hello and welcome back to the Cybrary 2019 CompTIA Security+ certification preparation course.
00:09
We're going to continue our discussion of module number six, which is in fact domain six, and the topic of discussion will be cryptography and PKI.
00:19
Surprisingly enough, we have our very last learning objective for this particular course, which is 6.4: given a scenario, implement public key infrastructure.
00:31
Here again are the topics which we're going to highlight during this particular presentation, ranging from the various components
00:37
all the way down to the very last one, which is called object identifier.
00:43
At this point in time, we have our pre-assessment quiz. What you need to determine here is whether or not the statement is either a true statement or in fact a false statement, and it reads as follows.
00:55
An X.509 certificate is a digital certificate used to verify that a public key belongs to a particular entity, in other words a user, computer or service. Is that true or false?
01:07
If you said it's true, you're absolutely correct.
01:11
Let's now turn our attention toward a discussion of the components in regard to the public key infrastructure. What I want to point out here is that the public key infrastructure is a system designed to manage the creation, distribution, identification and revocation of your public keys.
01:26
Some components are required, such as your CA; others are optional, such as your OCSP.
01:37
So let's take a look at some of the components of the PKI.
01:41
First of all, we have our certification authority. Basically, it is a trusted entity that issues digital certificates based upon the X.509 standard.
01:51
Intermediate CA.
01:53
Basically, also a subordinate CA, it is a variation of the certification authority in that it performs the day-to-day work of signing certificates and updates revocation information of certificates as well.
02:07
Then we have CRL, which is used to verify the authenticity of certificates and identify revoked certificates.
02:15
A certificate revocation list, or CRL, is a list of digital certificates that have been revoked by the issuing CA, the certificate authority, and should no longer be trusted.
02:25
Then we have your Online Certificate Status Protocol. Basically, it's used to verify the authenticity of certificates and identify revoked certificates.
02:37
It provides a request/response mechanism for clients to obtain the revocation status of a digital certificate.
02:45
Then we have our CSR, which is a certificate signing request, which is specifically a formatted message sent from an applicant to a CA, in other words a certification authority, for the purpose of requesting a digital certificate.
03:00
Some additional
03:01
components we need to understand. Called certificate.
03:05
An X.509 certificate is a digital certificate used to verify that a public key belongs to a particular entity, in other words a user, computer or service.
03:15
A public key is used by a sender to encrypt a message using the recipient's public key.
03:22
A private key is used by the recipient to decrypt the message that was encrypted using the public key.
03:30
Then we have the object identifier, which is used to name almost every object type in the X.509 certificate, in other words components of distinguished names, or CA CPSs as well.
03:44
Continuing our discussion of this particular very last learning objective in this particular course:
03:51
Given a scenario, implement public key infrastructure.
03:53
We're going to continue on by taking a look at some different concepts
03:57
in terms of online versus offline CA,
04:01
and lastly, but certainly not least, certificate chaining.
04:05
This brings us to some concepts. When we look at online versus offline CA, an offline CA, in its purest sense, is one with no network connection,
04:15
and an online CA, your certificate authority, in its purest sense is one with a network connection.
04:23
Continue on by taking a look at some different concepts.
04:27
Stapling: basically, OCSP stapling is a standard for checking the revocation status of your X.509 digital certificates.
04:39
Pinning is a security mechanism that helps websites prevent impersonation by attackers using fraudulent digital certificates.
04:47
The trust model: a PKI, in this case, relies on the hierarchical trust model that instead assigns to a third party the responsibility of establishing a trust relationship between two parties.
05:00
Key escrow is a key exchange process in which a key is used to decrypt data
05:08
that's held in escrow or stored by a third party.
05:12
Certificate chaining: digital certificates are verified using certificate chaining, which is an ordered list of certificates in a hierarchy.
05:24
Continuing our discussion of this very last objective in this particular course, 6.4, given a scenario, implement public key infrastructure, we're going to take a look at the types of certificates, ranging from wildcard all the way down to extended validation.
05:40
Now, a digital certificate is an electronic secure password that allows a person or organization to exchange data securely over the Internet utilizing PKI, in other words public key infrastructure.
05:53
When we look at a wildcard, it's a digital certificate that is used with a domain and all
05:59
the corresponding subordinates.
06:00
You have a subject alternative name, or SAN. It allows additional subject names to be associated with a digital certificate.
06:11
Code signing is a digital certificate used to confirm the software
06:15
author and ensure that the code has not been somehow altered.
06:19
Self-signed is a digital certificate that is signed using its own
06:25
public key.
06:27
Machine/computer is a digital certificate that is assigned to a machine or a computer.
06:34
Continuing our discussion of the different types of certificates, we have email.
06:39
Securing email using digital certificates ensures the confidentiality and integrity of the message between parties.
06:46
A user certificate is a certificate assigned to a user and is required to allow users to sign or encrypt email.
06:55
A root certificate is the topmost certificate assigned to a root certificate authority.
07:00
It is also the most important certificate in your PKI.
07:05
A domain validated certificate is a certificate in which the domain name of the applicant has been validated by proving ownership of the DNS, or domain name services, domain.
07:19
Extended validation is a certificate which is similar to the domain validated certificate, but with more stringent verification of the entity's identity by a CA.
07:31
Continuing with our discussion, obviously taking a look at 6.4, given a scenario, implement public key infrastructure, we're going to take a look at some different types of certificate formats.
07:45
Therefore, certificate formats. Once you've got certificate files, checking the file extension will allow you to know what's in the file and which file best fits your needs. Some of these extensions are also used for other data, such as public keys.
08:01
A certificate assigned to a user is required to allow users to sign or
08:05
encrypt email.
08:07
A root certificate is the topmost certificate assigned to the root CA. It's also the most important certificate in your PKI.
08:16
Then we have what we call Distinguished Encoding Rules. Basically, it is a binary-encoded certificate.
08:22
Then we have the Privacy Enhanced Electronic Mail, or PEM,
08:28
which is a variation of the DER type certificate.
08:33
CER is a file extension for your certificate files.
08:37
Then we have our P7B, which is the Public Key Cryptography Standard
08:43
certificate. It contains only certificates or certificate chain certificates, but not the private key.
08:50
Then we have what we call our
08:54
PFX, which is binary encoded. The PFX certificate stores the server certificate, intermediate certificates and private keys in an encrypted file.
09:03
PFX certificates commonly use what we call the .pfx file extension, in other words file name extension.
09:13
Then we have the P12. It contains certificates and password-protected private keys. It is the successor of the PFX certificate and commonly uses the dot p x 12 file name extension.
09:28
At this point in time, we have our post-assessment quiz,
09:31
and it reads as follows: a private key is used by the recipient to decrypt a message that was encrypted using the public key. Is this true or false?
09:43
If you said that it's true, you're absolutely correct.
09:45
Let's now turn our attention toward the key takeaways from this very last objective in this course. We know that the digital certificate is an electronic secure password that allows a person
09:56
or organization to exchange data securely over the Internet utilizing PKI.
10:03
We learned that digital certificates are verified using certificate chaining, which is an ordered list of certificates in a hierarchy.
10:11
We learned that a wildcard is a digital certificate that is used with a domain and all corresponding domains.
10:20
We know that key escrow is a key exchange process in which a key used to encrypt, in other words decrypt, data is held in escrow or stored by a third party.
10:33
At this point in time, we've reached the very end of this particular course, and again, this is the Cybrary 2019
10:41
CompTIA Security+ certification course. And again, I want to thank you very much for your attention to detail during this particular course, and I look forward to seeing you in future training presentations.

Instructed By

Jim Hollis
Independent Contractor
Instructor