CEH

(Jeff_L) #1

66 Chapter 3 ■ Cryptography


The CA will require a party to provide information that proves identity. Items such as name, address, phone, physical data such as faxed records, and other records and personal interviews might also be required as policy dictates. Once this information is obtained and validated, the CA will issue the certificate or validate an existing certificate. A publicly owned CA such as Thawte or VeriSign typically will perform a background check by asking the requester to provide documentation such as a driver's license, passport, or other form of ID.
When a CA issues a certificate, a series of actions that you should know about takes place:

1. The request is received.

2. Background information is requested by the CA and validated.

3. The information provided by the requester is applied to the certificate.

4. The CA hashes the certificate.

5. The issuing CA signs the certificate with their private key.

6. The requester is informed that their certificate is ready for pickup.

7. The requester installs the certificate on their computer or device.

A CA is able to perform a number of roles in addition to the validation process outlined here. Some actions that a CA is called on to perform include the following:


Generation of the Key Pair When a CA goes through the process of creating a certificate,
a key pair that is made up of a public and private key is generated. The public key is made
available to the public at large whereas the private key is given to the party requesting the
digital certificate.

Generation of Certificates The CA generates digital certificates for any authorized party when requested. This certificate is generated after validation of the identity of the requesting party, as mentioned earlier.

Publication of the Public Key The public key is bound to each digital certificate. Anyone
who trusts the CA or requests the public key will get the key for their use.

Validation of Certificates When a certificate is presented by one party to another it must
be validated. Since both parties involved typically do not know each other, they must rely
on a third party who is trusted; this is the role of the CA.

Revocation of Certificates If a certificate is no longer needed or trusted, it can be revoked
before it expires.

Not all CAs are the same. The types of CAs are as follows:

Root CA The root CA initiates all trust paths. The root CA is the top of the food chain
and thus must be secured and protected; if its trust is called into question, all other systems
will become invalid.

Trusted Root CA A trusted root CA is a CA that is added to an application such as a browser by the software vendor. It signifies that the application vendor trusts the CA and assigns the entity a high level of trust.
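The issuance steps above (hash the certificate, sign it with the CA's private key), the validation role and the trusted-root idea, shown as an added Go example that is not from the book: it uses the standard crypto/x509 package to build a self-signed root CA, issue an end-entity certificate under it, and validate that certificate against a pool of roots the relying party trusts. The function names NewCert and Validate and the host names are constructed for this example; identity vetting and revocation checking are not part of the snippet.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewCert generates a key pair for subject and issues it a certificate (constructed example).
// With a nil issuer the certificate is self-signed, the root CA case; otherwise CreateCertificate
// hashes the certificate body and signs it with the issuer CA's private key (steps 4 and 5).
func NewCert(subject string, isCA bool, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tpl.IsCA, tpl.KeyUsage = true, x509.KeyUsageCertSign
	} else { // end-entity certificate: bind the host name and the TLS server usage
		tpl.DNSNames = []string{subject}
		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if issuer == nil { // self-signed: the root CA is its own issuer
		issuer, issuerKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Validate is the relying party's side: accept the leaf only if its signature chains to a
// root that party already trusts and the host name and validity period check out.
func Validate(leaf, trustedRoot *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}
```

A certificate issued under one root is rejected when checked against a different root, which is exactly why the set of trusted roots shipped with a browser matters.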