Public Key Infrastructure • Chapter 10 595
■ Certificate Expiration: What do you do when a certificate expires?
■ Certificate Renewal: When a certificate reaches expiration, will you renew
the certificate with the same key or a different one?
■ Certificate Revocation: If information contained in a certificate changes,
or if a key is compromised, what is the process for revoking the certificate?
How is information about the certificate propagated?
■ Key Destruction: If keys will no longer be used, is a process in place for
their destruction? Does the process include deregistering the certificate with
the associated CA?
PKI is a robust solution with many components that need to be addressed.
Understanding the components, and the associated standards, protocols, features,
and uses of PKI will help to ensure a smooth integration with the networking
environment.
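The lifecycle questions above can be checked mechanically against a certificate inventory. The following is an added example, not taken from the book: the record layout, the finding names and the 30-day renewal window are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class CertRecord:                 # hypothetical inventory row, not an X.509 parser
    serial: str
    key_id: str                   # fingerprint of the certified public key
    not_before: datetime
    not_after: datetime

def lifecycle_state(cert, revoked, now, renew_window=timedelta(days=30)):
    """Classify one certificate; revocation takes precedence over dates."""
    if cert.serial in revoked:
        return "revoked"
    if now < cert.not_before:
        return "not-yet-valid"
    if now > cert.not_after:
        return "expired"
    if cert.not_after - now <= renew_window:
        return "renew-soon"
    return "valid"

def audit(inventory, revoked, destroyed_keys, now):
    """Return {serial: [findings]}; revoked maps serial -> revocation reason."""
    # A key whose certificate was revoked for compromise must not be re-certified.
    compromised = {c.key_id for c in inventory if revoked.get(c.serial) == "key-compromise"}
    report = {}
    for cert in inventory:
        state = lifecycle_state(cert, revoked, now)
        findings = [state]
        if state != "revoked" and cert.key_id in compromised:
            findings.append("certifies-compromised-key")
        if state in ("valid", "renew-soon") and cert.key_id in destroyed_keys:
            findings.append("key-destroyed-cert-not-deregistered")
        report[cert.serial] = findings
    return report

utc = lambda y, m, d: datetime(y, m, d, tzinfo=timezone.utc)
# Constructed sample data (serials, key ids and dates are made up).
NOW = utc(2024, 6, 1)
INVENTORY = [
    CertRecord("01", "K1", utc(2023, 1, 1), utc(2024, 1, 1)),    # past not_after
    CertRecord("02", "K1", utc(2024, 1, 1), utc(2025, 1, 1)),    # renewed, same key
    CertRecord("03", "K2", utc(2023, 9, 1), utc(2024, 9, 1)),    # revoked below
    CertRecord("04", "K2", utc(2024, 3, 1), utc(2025, 3, 1)),    # reuses K2
    CertRecord("05", "K3", utc(2023, 6, 15), utc(2024, 6, 15)),  # key destroyed
]
REVOKED = {"03": "key-compromise"}
DESTROYED_KEYS = {"K3"}
if __name__ == "__main__":
    print(audit(INVENTORY, REVOKED, DESTROYED_KEYS, NOW))
```

Renewal with the same key (serial 02) is reported as plain `valid`; it becomes a finding only when that key was previously revoked for compromise, as with serial 04.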
Exam Objectives Fast Track
PKI
■ Uses private keys and public keys for encrypting and decrypting messages.
■ Digital certificates hold information about the owner of the key pair.
■ Different architectures exist for the creation, distribution, verification, and
management of keys.
Key Management Lifecycle
■ Private keys need to be stored in a safe place where they are not easily
accessible to the public. Software and hardware mechanisms exist for the
storage of private keys.
■ Certificates expire and can be renewed as they reach the end of their
validity period.
■ Certificates may be revoked prior to their expiration due to factors such as
a change in owner information or compromise of private keys.
www.syngress.com