- A CA has a root certificate, which it uses to sign keys.
- I would use a private CA for internal use only; these certificates will not be accepted outside of your organization.
- I would use a public CA for B2B activities.
- If you were a military, security, or banking organization, you would keep the CA offline when it is not being used to prevent it from being compromised.
- An architect would build the CA or intermediary authorities.
- The CA would sign the X.509 certificates.
- Certificate pinning can be used to prevent a CA from being compromised and fraudulent certificates being issued.
- If two separate PKI entities want to set up a cross certification, the root CAs would set up a trust model between themselves, known as ...