- A CA has a root certificate that it uses to sign keys.
- I would use a private CA for internal use only; these certificates will not be accepted outside of your organization.
- I would use a public CA for b2b activities.
- If you were a military, security, or banking organization, you would keep the CA offline when it is not being used to prevent it from being compromised.
- An architect would build the CA or intermediary authorities.
- The CA would sign the X509 certificates.
- Certificate pinning can be used to prevent a CA being compromised and fraudulent certificates being issued.
- If two separate PKI entities want to set up a cross certification, the Root CAs would set up a trust model between themselves, known as a bridge trust ...