Certs - Paiet/Tech-Journal-for-Everything GitHub Wiki
- Root and Sub CA Certs
- Self-signed
- Machine Certificate
  - Servers
  - Client Machines
  - Network Devices
- User Certificates
  - Disk Encryption
  - Identity
  - S/MIME
- Code Signing Certificates
- Wildcard Certificates
  - *.google.com
- Validation Certificates
  - DV
  - OV
  - EV
  - IV
- Certificate Format
  - .der
  - .pem
  - PKCS#7
  - PKCS#12
- Demo - Show the RootCA and self-signed
- Demo - Initiate a CSR with MMC and Certificate Snap-in
- Demo - Local Machine/Local User Certificate Snap-ins
- Demo - Show available certificates, discuss properties
- Demo - Start installation of Notepad++ (code signing)
- Demo - Start the Certificate Export Wizard (Formats)
- Demo - Start without private key - show formats
- Demo - Show with private key formats
Public Key Infrastructure (PKI) - comprehensive system required to provide public-key encryption and digital signature services. It has three primary purposes:
1. publish public keys/certificates
2. certify that a key is tied to an individual or entity
3. provide verification of the validity of a public key
NOTE: PKI functions, or not, based on the TRUST of all of the participants in the system; remove the trust and the system crashes
Digital Certificates - assurance mechanism that allows communicating parties to establish their identity
X.509 v3 is the current and most widely used format. It is part of the X.500 family of standards.
Specific information contained in a Digital Certificate:
a. Version of conformity (v3)
b. Serial number (unique tracking mechanism from creator)
c. Signature algorithm used to sign the certificate by the Certificate Authority (CA)
d. Issuer Name
e. Validity Period
f. Subject's Name (the Distinguished Name, DN, of the owner of the public key in the certificate)
g. Subject's Public Key
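
The fields a-g above can be read directly out of a parsed certificate. The Go program below is an added example, not part of the original wiki notes: it builds a throwaway self-signed certificate and maps it onto those fields. The function names, the common name `lab-root.example` and the serial 4242 are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSelfSigned returns a throwaway self-signed certificate (constructed sample data) as DER bytes.
// DER is what a .der file holds; a .pem file is the same bytes base64-encoded between BEGIN/END lines.
func newSelfSigned(cn string) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	// The template doubles as the parent: issuer == subject, signed with its own key.
	return x509.CreateCertificate(rand.Reader, t, t, pub, priv)
}

// describe maps a DER certificate onto fields a-g of the list above, plus a self-signed
// flag: issuer and subject match and the signature verifies under the certificate's own key.
func describe(der []byte) (map[string]string, error) {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	self := c.Issuer.String() == c.Subject.String() &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
	return map[string]string{
		"a version": fmt.Sprint(c.Version), "b serial": c.SerialNumber.String(),
		"c signature algorithm": c.SignatureAlgorithm.String(), "d issuer": c.Issuer.String(),
		"e validity": c.NotBefore.Format(time.RFC3339) + " to " + c.NotAfter.Format(time.RFC3339),
		"f subject": c.Subject.String(), "g public key": c.PublicKeyAlgorithm.String(),
		"self-signed": fmt.Sprint(self),
	}, nil
}

func main() {
	der, err := newSelfSigned("lab-root.example")
	if err != nil {
		panic(err)
	}
	fmt.Println(describe(der))
}
```

A certificate issued by a CA would show a different issuer than subject, and its signature would verify under the CA's public key rather than its own.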