08-06-2007 06:15 AM - edited 03-09-2019 06:32 PM
Hi, I'm reading about PKI.... what prevents bogus devices from requesting a valid CA certificate - how does the CA verify that the requestor is valid when deciding whether to issue an x.509 certificate to a device?
Thanks, Lisa G
Solved! Go to Solution.
08-06-2007 08:12 AM
Hi Lisa
In answer to your question it is is to do with how the certificate has been validated as to how much trust you put in it eg.
I can apply for a personal verisign certificate using just my e-mail address as identity. I will get a certificate but when using my certfiate people should be aware of how little i did to prove who i was.
For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.
Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.
HTH
Jon
08-06-2007 08:12 AM
Hi Lisa
In answer to your question it is is to do with how the certificate has been validated as to how much trust you put in it eg.
I can apply for a personal verisign certificate using just my e-mail address as identity. I will get a certificate but when using my certfiate people should be aware of how little i did to prove who i was.
For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.
Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.
HTH
Jon
08-06-2007 08:46 AM
Thanks... very helpful.
08-20-2007 06:08 PM
In my experience with CA's that are internal, if it is a Microsoft Enterprise CA you can control through Active Directory. You can have a GPO setup to automatically deploy computer/user certificates once they have authenticated with the domain.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: