Checking the Validity of Certificates
On this exam there are only 2 ways to check the validity of a certificate:
- CRL (Certificate Signing Request)
- OCSP (Online Certificate Status Protocol)
CRL
- You can use OCSP incase/instead
- You have to download from the CA (Certificate Authority), recommended twice a day
OCSP
- Real-time
- Good, revoked, or unknown
- Public CA
- Internet CA
- You can use a CRL incase/instead
Too much traffic to intermediate CA, then use stapling.
Answer for CRL in the question:
- OCSP
Answers for OCSP in the question:
- CRL
- Stapling
Reasons for revoking a certificate:
Employee leaves the organization
A system is decommissioned
A certificate is superseded
Private key is compromised
Certificate was issued fraudulently
Certificate that have expired do not need to be revoked.
No comments:
Post a Comment