PKI - Certificates Transcription

Welcome to our public key infrastructure module. In this module we will discuss digital certificates. Digital certificates are primarily used to prove identity, and are used as an authentication mechanism. Digital certificates are also used as a mechanism for distributing public keys. The user's public key is stored within their digital certificate, and each digital certificate is associated with one unique user.

All of the data that's contained in the digital certificate is signed by the trusted certificate authority to prevent tampering. This signing is accomplished using DSA, or the Digital Signature Algorithm, and SHA-1 hashing. It's important to remember that the standard used to create digital certificates is the X.509 version 3 standard.

There will most likely be a question on the CISSP exam asking which standard applies to digital certificates. One easy way to remember this is that there are nine letters in the words "public key", and the standard ends in the number nine. There are several different components of digital certificates.

Some of these components include the version number; a serial number, which is used to uniquely identify the certificate; the issuer of the certificate; the valid-from and valid-to dates; and the identification of the subject to whom the certificate was issued. One important item to remember for the CISSP exam is that the private key is never stored in the digital certificate.

We keep our private key private, so we would not place it inside a digital certificate that we freely share with the other individuals we communicate with. Here we can see a few examples of digital certificates. The certificate on the left was issued to Verisign, and it is valid from May of 1998 to May of 2008.

On the certificate on the right, we can see the serial number listed at the top; this is how we uniquely identify the certificate, and if it becomes necessary to revoke the certificate, we would use this serial number to do so. We can see that it uses the SHA-1 RSA signature algorithm.

We can see the valid-from and valid-to dates, and we can see who it was issued to. At the bottom we can see that they're using a 2048-bit RSA public key, and if we look in the window below that we can see a portion of the key.

It's a very lengthy key, so this window does not display the entire key. This concludes our public key infrastructure module. Thank you for watching.
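The following worked example is added here and is not part of the module's own material. It uses Go's standard library to build a self-signed X.509 v3 certificate and then reads back the same fields the module walks through (version, serial number, issuer, validity window, subject, signature algorithm and public key), shows that editing any signed field breaks the certificate authority's signature, and checks that the private key is not embedded in the certificate while the public key is. The CA name "Example Training CA" and serial 4242 are constructed values; the key type is ECDSA rather than the RSA/DSA shown in the module's screenshots, which changes the algorithm names but not the certificate structure.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary collects the X.509 v3 fields named in the module: version,
// serial number, issuer, validity window, subject, signature algorithm and
// the type of the embedded public key.
type CertSummary struct {
	Version      int
	Serial       *big.Int
	Issuer       string
	Subject      string
	NotBefore    time.Time
	NotAfter     time.Time
	SigAlgorithm string
	PubKeyType   string
}

// NewSelfSignedCert creates a CA key pair and a self-signed X.509 v3
// certificate for it (issuer == subject). The validity window copies the
// May 1998 to May 2008 dates quoted in the module; name and serial are
// constructed inputs.
func NewSelfSignedCert(serial int64, name string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Date(1998, time.May, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(2008, time.May, 1, 0, 0, 0, 0, time.UTC),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	// The template is both subject and parent, so the CA signs its own certificate.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	return der, key, nil
}

// Summarize parses DER bytes and extracts the fields a certificate viewer shows.
func Summarize(der []byte) (CertSummary, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return CertSummary{}, err
	}
	return CertSummary{
		Version:      cert.Version,
		Serial:       cert.SerialNumber,
		Issuer:       cert.Issuer.String(),
		Subject:      cert.Subject.String(),
		NotBefore:    cert.NotBefore,
		NotAfter:     cert.NotAfter,
		SigAlgorithm: cert.SignatureAlgorithm.String(),
		PubKeyType:   fmt.Sprintf("%T", cert.PublicKey),
	}, nil
}

// VerifyIssuerSignature checks the issuer's signature over the certificate
// body; any change to a signed field makes this return an error.
func VerifyIssuerSignature(certDER, issuerDER []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	issuer, err := x509.ParseCertificate(issuerDER)
	if err != nil {
		return err
	}
	return cert.CheckSignatureFrom(issuer)
}

// TamperSubject returns a copy of der with one byte of the subject name
// altered, simulating a certificate edited after issuance.
func TamperSubject(der []byte, name string) []byte {
	out := append([]byte(nil), der...)
	if i := bytes.Index(out, []byte(name)); i >= 0 {
		out[i] ^= 0x01
	}
	return out
}

// ContainsPrivateKey reports whether the private scalar appears anywhere in
// the certificate bytes; it must not, since only the public key is embedded.
func ContainsPrivateKey(der []byte, key *ecdsa.PrivateKey) bool {
	return bytes.Contains(der, key.D.Bytes())
}

// EmbedsPublicKey reports whether the certificate carries the key pair's public half.
func EmbedsPublicKey(der []byte, key *ecdsa.PrivateKey) bool {
	cert, err := x509.ParseCertificate(der)
	return err == nil && key.PublicKey.Equal(cert.PublicKey)
}

func main() {
	const name = "Example Training CA"
	der, key, err := NewSelfSignedCert(4242, name)
	if err != nil {
		panic(err)
	}
	s, _ := Summarize(der)
	fmt.Printf("%+v\n", s)
	fmt.Println("signature valid:", VerifyIssuerSignature(der, der) == nil)
	fmt.Println("tampered copy valid:", VerifyIssuerSignature(TamperSubject(der, name), der) == nil)
	fmt.Println("private key in cert:", ContainsPrivateKey(der, key))
}
```

Run it with `go run .`; the tampered copy still parses (the subject reads slightly differently) but the signature check fails, which is the integrity property the module attributes to the CA's signature, and the serial number read back is the value a revocation list would carry.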

