PKI vs CA?

stopdropp · September 2012

Maybe there is a simple answer and i'm just not grasping it. I'm studying for the cert and i test in 9 days. I have most of the concepts but due to my lack of experience in the IT career field i'm not very familiar with certificates and while reading and researching i can't find any defining lines between a CA or PKI. is PKI simply the idea of certificate distribution and a CA is the specific organization of people who distribute them?

Any help with this question would be appreciated.

NotHackingYou · September 2012

That is basically my understanding. PKI is the infastructure that makes certificates available, usable and revokane.

A CA issues certificates.

paul78 · September 2012

Minor clarification - a CA or Certificate Authority signs a certificate.

Example - if I have a certificate that I want to use so that you can identify me. I would create a certificate signing request or CSR. The CSR is provided to a CA who will create a signature for that CSR and return back the certificate to me for use. If you trust the CA that I use, then whenever I present my certificate to you, the signature from the CA will let you know that it is my certificate because you trust the CA to have previously verified my certificate.

Caveat - not sure if this level of detail is part of Security+.

NotHackingYou · September 2012

paul78 wrote: »

Minor clarification - a CA or Certificate Authority signs a certificate.

Example - if I have a certificate that I want to use so that you can identify me. I would create a certificate signing request or CSR. The CSR is provided to a CA who will create a signature for that CSR and return back the certificate to me for use. If you trust the CA that I use, then whenever I present my certificate to you, the signature from the CA will let you know that it is my certificate because you trust the CA to have previously verified my certificate.

Caveat - not sure if this level of detail is part of Security+.

This is a great point of clarification whether or not the S+ requires it.

jhntbright · September 2012

Briefly: PKI is a collection of software, standardw and policies combined to enable users from the internet or other unsecured public networks to secure exchange data. PKI include as follow:

1. Certificate: a form of electronic credentials validates users, computers, devices on network.
2. Certificate authorities (CA): issure and manage certificates; they validate the identify of network device or user request data.
3. Certificate templates: used to costomize certificates issued by a certifcate server.
4. Certificate revocation list (CRL): a list of certificates that were revoked before they reached certificate expiration date.

stopdropp · September 2012

Thanks for the responses. Much more clear now.
Things like this are always the hardest for me. Like trying to figure out the difference in Risk Mitigation and Risk Deterrence pretty much blew my mind when i started studying a few weeks back.

That much depth probably isn't required but i still appreciate it. Any knowledge is good knowledge from my perspective!
Maybe i'm just over analyzing it all. It's going to be the first cert test I've taken so I'm just a bit nervous.

itsgonnahappen · September 2012

jhntbright wrote: »

Briefly: PKI is a collection of software, standardw and policies combined to enable users from the internet or other unsecured public networks to secure exchange data. PKI include as follow:

1. Certificate: a form of electronic credentials validates users, computers, devices on network.
2. Certificate authorities (CA): issure and manage certificates; they validate the identify of network device or user request data.
3. Certificate templates: used to costomize certificates issued by a certifcate server.
4. Certificate revocation list (CRL): a list of certificates that were revoked before they reached certificate expiration date.

Nice! This is a very concise explanation.

PKI vs CA?

Comments