Cisco Support Community
New Member

PKI - CA question

Hi, I'm reading about PKI... what prevents bogus devices from requesting a valid CA certificate - how does the CA verify that the requestor is valid when deciding whether to issue an X.509 certificate to a device?

Thanks, Lisa G

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: PKI - CA question

Hi Lisa

In answer to your question, it is to do with how the certificate has been validated as to how much trust you put in it, e.g.

I can apply for a personal Verisign certificate using just my e-mail address as identity. I will get a certificate, but when using my certificate people should be aware of how little I did to prove who I was.

For other certificates the company or individual may provide passport/driving license etc. details which give the certificate far more trust.

Obviously this is with a public CA such as Verisign. If you set up your own CA within your company then the CA administrator has a lot more control over who to issue a certificate to.

HTH

Jon

3 REPLIES
New Member

Re: PKI - CA question

Thanks... very helpful.

New Member

Re: PKI - CA question

In my experience with CAs that are internal, if it is a Microsoft Enterprise CA you can control through Active Directory. You can have a GPO set up to automatically deploy computer/user certificates once they have authenticated with the domain.
