PKI - CA question

Answered Question
Aug 6th, 2007

Hi, I'm reading about PKI... What prevents bogus devices from requesting a valid CA certificate - how does the CA verify that the requestor is valid when deciding whether to issue an X.509 certificate to a device?

Thanks, Lisa G

Correct Answer
Jon Marshall Mon, 08/06/2007 - 08:12

Hi Lisa

In answer to your question, it is to do with how the certificate has been validated as to how much trust you put in it, e.g.

I can apply for a personal Verisign certificate using just my e-mail address as identity. I will get a certificate, but when using my certificate people should be aware of how little I did to prove who I was.

For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.

Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.

HTH

Jon

david.keil Mon, 08/20/2007 - 18:08

In my experience with CAs that are internal, if it is a Microsoft Enterprise CA you can control this through Active Directory. You can have a GPO set up to automatically deploy computer/user certificates once they have authenticated with the domain.
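
An added example, not part of the original thread and not any CA product's code: one way the front end of an internal CA could decide whether a requesting device is valid before anything is signed, assuming the CA administrator pre-approves each device and hands it a one-time enrollment token out of band. The class, method and device names are hypothetical, and certificate signing itself is assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets
import time


class RegistrationAuthority:
    """Pre-issuance requester check for an internal CA (hypothetical names)."""

    def __init__(self, ttl_seconds=3600):
        self._key = secrets.token_bytes(32)  # secret kept on the CA side only
        self._pending = {}                   # device_id -> (expiry, token digest)
        self._ttl = ttl_seconds

    def _digest(self, device_id, token):
        # Bind the token to the device name so it cannot be reused for another name.
        msg = device_id.encode() + b"\x00" + token.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def pre_register(self, device_id, now=None):
        """Administrator step: approve a device and return its one-time token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(24)
        self._pending[device_id] = (now + self._ttl, self._digest(device_id, token))
        return token

    def review_request(self, device_id, token, now=None):
        """Return (approved, reason) for a certificate request naming device_id."""
        now = time.time() if now is None else now
        entry = self._pending.get(device_id)
        if entry is None:
            return False, "device was never approved by the CA administrator"
        expiry, expected = entry
        if now > expiry:
            del self._pending[device_id]
            return False, "enrollment token expired"
        # Constant-time comparison avoids leaking how much of the token matched.
        if not hmac.compare_digest(expected, self._digest(device_id, token)):
            return False, "enrollment token does not match"
        del self._pending[device_id]  # one-time use: a replayed request is refused
        return True, "issue certificate for " + device_id
```

The approval record is deleted on success, so a second request that reuses the same token is treated like one from a device that was never approved.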
