Pinning

Borrowed authority

Third-party trust model

Stapling

Hardware and software

Policies and procedures

People who manage certificates

All of the above

Revocations

Trust level provided to users

Key entropy

How the keys are stored

It was using the wrong algorithm.

You are querying the incorrect certificate authority

It was revoked

The third-party trust model failed.

It must have the e-mail addresses of all the certificate owners. 

It must contain a list of all expired certificates.

It must contain information about all the subdomains covered by the CA.

It must be posted to a public directory.

It reviews the CRL for the client and provides a status about the certificate being validated.

 It outlines the details of a certificate authority, including how identities are verified, the steps the CA follows to generate certificates, and why the CA can be trusted.

It provides for a set of values to be attached to the certificate.

It provides encryption for digital signatures.

SSL providers

Digital certificates

Certificate revocation lists

Public key infrastructure