2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet240/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   236   237   238   239   240   241   242   243   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

 Certificate Authorities 
Certifi cate authorities
(CAs) are the glue that binds the public key infrastructure together. 
These neutral organizations offer notarization services for digital certifi cates. To obtain a 
digital certifi cate from a reputable CA, you must prove your identity to the satisfaction of 
the CA. The following list includes some of the major CAs that provide widely accepted 
digital certifi cates: 

Symantec 

IdenTrust 

Amazon Web Services 

GlobalSign 

Comodo 

Certum 

GoDaddy 

DigiCert 

Secom 

Entrust 

Actalis 

Trustwave
Nothing is preventing any organization from simply setting up shop as a CA. However, 
the certifi cates issued by a CA are only as good as the trust placed in the CA that issued 
them. This is an important item to consider when receiving a digital certifi cate from a third 
party. If you don’t recognize and trust the name of the CA that issued the certifi cate, you 
shouldn’t place any trust in the certifi cate at all. PKI relies on a hierarchy of trust relation-
ships. If you confi gure your browser to trust a CA, it will automatically trust all of the 
digital certifi cates issued by that CA. Browser developers preconfi gure browsers to trust the 
major CAs to avoid placing this burden on users. 
Registration authorities
(RAs) assist CAs with the burden of verifying users’ identities 
prior to issuing digital certifi cates. They do not directly issue certifi cates themselves, but 
they play an important role in the certifi cation process, allowing CAs to remotely validate 
user identities. 


Public Key Infrastructure 
251
Certificate Path validation
You may have heard of 
certificate path validation
(CPV) in your studies of certificate 
authorities. CPV means that each certificate in a certificate path from the original start or 
root of trust down to the server or client in question is valid and legitimate. CPV can be 
important if you need to verify that every link between “trusted” endpoints remains cur-
rent, valid, and trustworthy.
This issue arises from time to time when intermediary systems’ certificates expire or are 
replaced; this can break the chain of trust or the verification path. By forcing a reverifica-
tion of all stages of trust, you can reestablish all trust links and prove that the assumed 
trust remains assured.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   236   237   238   239   240   241   242   243   ...   881




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish