PKI vs CA?

stopdropp

Maybe there is a simple answer and i'm just not grasping it. I'm studying for the cert and i test in 9 days. I have most of the concepts but due to my lack of experience in the IT career field i'm not very familiar with certificates and while reading and researching i can't find any defining lines between a CA or PKI. is PKI simply the idea of certificate distribution and a CA is the specific organization of people who distribute them?

Any help with this question would be appreciated.

NotHackingYou

That is basically my understanding. PKI is the infastructure that makes certificates available, usable and revokane.

A CA issues certificates.

paul78

Minor clarification - a CA or Certificate Authority signs a certificate.

Example - if I have a certificate that I want to use so that you can identify me. I would create a certificate signing request or CSR. The CSR is provided to a CA who will create a signature for that CSR and return back the certificate to me for use. If you trust the CA that I use, then whenever I present my certificate to you, the signature from the CA will let you know that it is my certificate because you trust the CA to have previously verified my certificate.

Caveat - not sure if this level of detail is part of Security+.

NotHackingYou

paul78 wrote: »

Minor clarification - a CA or Certificate Authority signs a certificate.

Example - if I have a certificate that I want to use so that you can identify me. I would create a certificate signing request or CSR. The CSR is provided to a CA who will create a signature for that CSR and return back the certificate to me for use. If you trust the CA that I use, then whenever I present my certificate to you, the signature from the CA will let you know that it is my certificate because you trust the CA to have previously verified my certificate.

Caveat - not sure if this level of detail is part of Security+.

This is a great point of clarification whether or not the S+ requires it.

jhntbright

Briefly: PKI is a collection of software, standardw and policies combined to enable users from the internet or other unsecured public networks to secure exchange data. PKI include as follow:

1. Certificate: a form of electronic credentials validates users, computers, devices on network.
2. Certificate authorities (CA): issure and manage certificates; they validate the identify of network device or user request data.
3. Certificate templates: used to costomize certificates issued by a certifcate server.
4. Certificate revocation list (CRL): a list of certificates that were revoked before they reached certificate expiration date.

stopdropp

Thanks for the responses. Much more clear now.
Things like this are always the hardest for me. Like trying to figure out the difference in Risk Mitigation and Risk Deterrence pretty much blew my mind when i started studying a few weeks back.

That much depth probably isn't required but i still appreciate it. Any knowledge is good knowledge from my perspective!
Maybe i'm just over analyzing it all. It's going to be the first cert test I've taken so I'm just a bit nervous.

itsgonnahappen

jhntbright wrote: »

Briefly: PKI is a collection of software, standardw and policies combined to enable users from the internet or other unsecured public networks to secure exchange data. PKI include as follow:

1. Certificate: a form of electronic credentials validates users, computers, devices on network.
2. Certificate authorities (CA): issure and manage certificates; they validate the identify of network device or user request data.
3. Certificate templates: used to costomize certificates issued by a certifcate server.
4. Certificate revocation list (CRL): a list of certificates that were revoked before they reached certificate expiration date.

Nice! This is a very concise explanation.