CASP+: Certificate Management and Trust Concepts Quiz

Root CA is self-signed

Single point of failure

Different certificate policies for intermediate CAs

Cross certification

Self-sign the root CA certificate

Create a single CA hierarchy

Establish trust between two different CAs

Implement certificate profiles

Within the certificate profiles

In the root CA server

Modern browsers or operating system configurations

Within the intermediate CAs

Define the root CA hierarchy

Define the set of expected certificates within an organization

Deploy certificates to endpoints

Manage the life cycle of certificates

Self-signing the root CA

Cross certification

Careful management of certificates and private keys

Importing additional CAs

Cross certification

Root CA is self-signed

Single point of failure

Different certificate policies for intermediate CAs

It issues certificates to end entities

If compromised, the whole PKI collapses

It is very exposed

It is self-signed

To define certificate profiles

To import additional CAs

To trace leaf certificates back to the root CA

To establish trust between two different CAs

By self-signing the root CA certificate

By taking the root server offline

By expanding the list of trusted providers

By implementing cross certification

To import additional CAs

To define certificate profiles

To build a new PKI and migrate resources

To establish trust between two different CAs