Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
5
Helpful
3
Replies

PKI - CA question

Go to solution
lgontarsk
Level 1
Level 1

‎08-06-2007 06:15 AM - edited ‎03-09-2019 06:32 PM

Hi, I'm reading about PKI.... what prevents bogus devices from requesting a valid CA certificate - how does the CA verify that the requestor is valid when deciding whether to issue an x.509 certificate to a device?

Thanks, Lisa G

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-06-2007 08:12 AM

Hi Lisa

In answer to your question it is is to do with how the certificate has been validated as to how much trust you put in it eg.

I can apply for a personal verisign certificate using just my e-mail address as identity. I will get a certificate but when using my certfiate people should be aware of how little i did to prove who i was.

For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.

Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.

HTH

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-06-2007 08:12 AM

Hi Lisa

In answer to your question it is is to do with how the certificate has been validated as to how much trust you put in it eg.

I can apply for a personal verisign certificate using just my e-mail address as identity. I will get a certificate but when using my certfiate people should be aware of how little i did to prove who i was.

For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.

Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.

HTH

Jon

0 Helpful

Go to solution
lgontarsk
Level 1
Level 1
In response to Jon Marshall

‎08-06-2007 08:46 AM

Thanks... very helpful.

0 Helpful

Go to solution
david.keil
Level 1
Level 1
In response to lgontarsk

‎08-20-2007 06:08 PM

In my experience with CA's that are internal, if it is a Microsoft Enterprise CA you can control through Active Directory. You can have a GPO setup to automatically deploy computer/user certificates once they have authenticated with the domain.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents