ch 25 Set

Public Key Infrastructure (PKI)

A system that provides the necessary components for secure communication using public key cryptography.

Certificate Authority (CA)

A trusted entity that issues and manages digital certificates.

Registration Authority (RA)

An entity responsible for verifying certificate requests and forwarding them to a CA.

Digital Certificate

An electronic document that binds a public key to an individual or entity.

Certificate Revocation List (CRL)

A list of revoked certificates maintained by a CA.

Online Certificate Status Protocol (OCSP)

A protocol used to check the revocation status of a digital certificate.

Certificate Signing Request (CSR)

A request sent to a CA to obtain a digital certificate.

Common Name (CN)

The primary identifier in a certificate, usually a domain name or personal identifier.

Distinguished Name (DN)

A unique identifier for an entity in a digital certificate.

Subject Alternative Name (SAN)

A field in a certificate that allows multiple domain names to be covered.

Intermediate CA

A subordinate CA that provides a link between the root CA and end-entity certificates.

End-Entity Certificate

A certificate issued to an individual, organization, or device.

Root Certificate

A self-signed certificate that serves as the trust anchor in a PKI.

Wildcard Certificate

A certificate that secures a domain and all its subdomains.

Code-Signing Certificate

A certificate used to digitally sign software to verify its authenticity.

Self-Signed Certificate

A certificate signed by the same entity it certifies, often used internally.

Machine/Computer Certificate

A certificate issued to a computer for authentication.

E-mail Certificate

A certificate used for securing e-mail communications.

Domain Validation Certificate

A low-trust certificate verifying control over a domain.

Extended Validation (EV) Certificate

A high-trust certificate that provides stronger identity verification.

X.509

The standard format for digital certificates.

Distinguished Encoding Rules (DER)

A binary format for encoding certificates.

Privacy-Enhanced Mail (PEM)

A Base64-encoded certificate format commonly used by CAs.

Personal Information Exchange (PFX)

A format used to store certificates and private keys together.

P12 (.pfx, .p12)

A binary format for storing a certificate and private key in one file.

P7B (.p7b, .p7c)

A format containing certificates but no private keys, used in Windows and Java environments.

Stapling

A method that allows a web server to provide OCSP responses directly to clients.

Pinning

The practice of associating a host with a specific certificate or public key.

Trust Model

The structure defining trust relationships between CAs and certificates.

Hierarchical Trust Model

A model with a root CA at the top, issuing certificates to intermediate and end-entity CAs.

Peer-to-Peer Trust Model

A model where CAs cross-certify each other without a single root CA.

Hybrid Trust Model

A combination of hierarchical and peer-to-peer trust models.

Key Escrow

A process where a third party holds a copy of private encryption keys.

Certificate Chaining

The linking of certificates from an end-entity to a root CA to establish trust.