Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)

Previous Topic/Section
FIPS
Previous Page
Pages in Current Topic/Section
1
Next Page
4.5.1  Centralized vs. Decentralized
Next Topic/Section

4.5  Key Management and Certificate Lifecycles

Key pairs and their associated certificates have a defined life cycle. They are initially requested by the individuals or entities requiring them. Typically, this request is made to a Certificate Authority (CA), which is responsible for verifying the requester’s identity and generating a key pair and certificate for them. The CA then sends those items to the requester.

The certificate is then valid for use by the requester until its expiration date, at which point the certificate is automatically revoked. Private keys are typically stored in a secure location, possibly including hardware designed expressly for this purpose. If a key is lost, your PKI may allow for its retrieval via a process known as key recovery.

It is possible to revoke a certificate prior to its expiration, for reasons including compromise of the private key, using a process known as certificate revocation, which permanently invalidates the certificate. You can also temporarily disable a certificate through certificate suspension; you might do this if you suspect key compromise but don’t know for sure yet whether it occurred. Revoked, suspended and expired certificates are placed into one or more certificate revocation notice systems such as a Certificate Revocation List (or CRL).

More information on these and other related topics is included below.

Quick navigation to subsections and regular topics in this section



Previous Topic/Section
FIPS
Previous Page
Pages in Current Topic/Section
1
Next Page
4.5.1  Centralized vs. Decentralized
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.