08-06-2007 06:15 AM - edited 03-09-2019 06:32 PM
Hi, I'm reading about PKI.... what prevents bogus devices from requesting a valid CA certificate - how does the CA verify that the requestor is valid when deciding whether to issue an x.509 certificate to a device?
Thanks, Lisa G
Solved! Go to Solution.
08-06-2007 08:12 AM
Hi Lisa
In answer to your question it is is to do with how the certificate has been validated as to how much trust you put in it eg.
I can apply for a personal verisign certificate using just my e-mail address as identity. I will get a certificate but when using my certfiate people should be aware of how little i did to prove who i was.
For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.
Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.
HTH
Jon
08-06-2007 08:12 AM
Hi Lisa
In answer to your question it is is to do with how the certificate has been validated as to how much trust you put in it eg.
I can apply for a personal verisign certificate using just my e-mail address as identity. I will get a certificate but when using my certfiate people should be aware of how little i did to prove who i was.
For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.
Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.
HTH
Jon
08-06-2007 08:46 AM
Thanks... very helpful.
08-20-2007 06:08 PM
In my experience with CA's that are internal, if it is a Microsoft Enterprise CA you can control through Active Directory. You can have a GPO setup to automatically deploy computer/user certificates once they have authenticated with the domain.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide