Implementation should include
- components
- Certificate Authority (CA)
- Intermediate CA
- Certificate Revocation List (CRL)
- Online Certificate Status Protocol (OCSP)
- Certificate Signing Request (CSR)
- Certificate
- Public key
- Private key
- Object identifiers (OID)
- concepts
- online vs. offline CA
- stapling
- pinning
- trust model
- key escrow
- certificate chaining
- types of certificates
- wildcard
- Subject Alternative Name (SAN)
- code signing
- self-signed
- machine/computer
- email
- user
- root
- domain validation
- extended validation
- certificate formats
- Distinguished Encoding Rules (DER)
- Privacy-enhanced Electronic Mail (PEM)
- Perfect Forward Secrecy (PFX)
- Certificate (CER)
- PKCS #12 (P12)
- P7B.
Process/Skill Questions:
- What are the different formats of standard certificates?
- What is the difference between self-signed and code-signed certificates?
- What does it mean when a browser claims that a website is not secured?