The cheat sheet is a condensed format of the main facts that you need to know before taking the exam. We must learn the exam concepts and not just the answers to a bank of questions.
Certificate Hierarchy
- CA has a root key
- Stage 1—do you want to install a public or a private CA?
- Public CA required for trading on the internet (B2B)
- Architect builds the CA and intermediary authorities
- Intermediary authorities issue the certificates
- Certificate pinning—prevents CA compromise and fraudulent certificates
Certificate Validation
- Certificate Revocation List (CRL)—checks certificate validity
- OCSP—used only when the CRL is slow
- Certificate stapling—when the web server bypasses the CRL and goes directly to the OCSP
Private Keys
- Always retained—never given away
- P12 format, .pfx extension, password protected
- Used to decrypt data
- Used to digitally sign email—provides integrity
- Key Escrow—holds the private keys for third parties...