Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
16 Cards in this Set
- Front
- Back
|
What is an SSL Certificate? |
The certificate is nothing more than a document containing the public key the client will use to compute key material and information about expiration, common and distinguished names, contact information, etc. |
|
|
In what two ways can a certificate be signed? |
1. Self-signed (all root certificates are self-signed) 2. Signed b a certificate authority (CA) |
|
|
what is a certificate authority? |
The CA is one component within the larger public key infrastructure (PKI). CA’s serve as a trusted 3rd party between server and client, issuing (and revoking) the certificates. |
|
|
If you add an intermediate CA to your trust store, does the computer need to go to the root CA? |
No, it will stop at the intermediate CA if that is trusted |
|
|
The LTM uses what format for ceritificates? |
PEM format |
|
|
PEM format |
base64 encoded ASCII file with BEGIN CERTIFICATE and END CERTIFICATE statements and can contain the private key |
|
|
DER |
binary form of the certificate |
|
|
PKCS#7 |
also a base64 encoded ASCII file, though with BEGIN PKCS7 and END PKCS7 statements. Can not contain the private key. |
|
|
PKCS#12 |
binary form of the certificate, any intermediates, and the private key. |
|
|
DER to PEM |
openssl x509 -inform der -in .der -out .pem |
|
|
PKCS#7 to PEM |
openssl pkcs7 -print_certs -in .p7b -out .pem |
|
|
* PKCS#12 to PEM
|
* openssl pkcs12 -in .pfx -out .pem -nodes
|
|
|
What is a Cipher Suite? |
A cipher suite is a set of ciphers used in the privacy, authentication, and integrity of data passed between a server and client in an SSL session. Any given session uses one cipher, which is negotiated in the handshake |
|
|
The components of the cipher are |
-Key Exchange Algorithm (RSA or DH) -Authentication Algorithm (RSA or DSS. Note that with RSA, Key Exchange and Authentication are combined) – Used for authenticating the server and/or client. X.509 certificates in the case of SSL. -Encryption Algorithm (DES, 3DES, AES, RC4) – Used to encrypt the message payload -Message Authentication Code (MAC) Digest Algorithm (MD5, SHA-1) – Used for message integrity |
|
|
What is Server Name Indication? |
SNI (listed in RFC 4366) is an extension to the TLS protocol that allows the client to include the requested hostname in the first message of the SSL handshake (Client Hello). This allows the server to determine the correct named host for the request and setup the connection accordingly from the start. |
|
|
Client authentication is what? |
a feature that lets you authenticate users that are accessing a server |
