- A CA has a root certificate that he uses to sign keys.
- I would use a private CA for internal use only; these certificates will not be accepted outside of your organization.
- I would use a public CA for b2b activities.
- If you were a military, security, or banking organization, you would keep the CA offline when it is not being used to prevent it being compromised.
- An architect would build the CA or intermediary authorities.
- The CA would sign the X509 certificates.
- Certificate pinning can be used to prevent a CA being compromised and fraudulent certificates being issued.
- If two separate PKI entities want to set up a cross certification, the Root CAs would set up a trust model between themselves, known as a bridge trust ...
With Safari, you learn the way you learn best. Get unlimited access to videos, live online training,
learning paths, books, interactive tutorials, and more.