Terms in this set (53)
Certificate Revocation List (CRL): A list of certificate serial numbers that have been revoked.
Certificate Signing Request (CSR): A user request for a digital certificate.
cipher suite: A named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with TLS and SSL.
code signing digital certificate: Certificate used by software developers to digitally sign a program to prove that the software comes from the entity that signed it and that no unauthorized third party has altered it.
common name (CN): The name of the device protected by the digital certificate.
counter (CTR): A block cipher mode of operation that both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged.
digital certificate: A technology used to associate a user's identity to a public key and that has been "digitally signed" by a trusted third party.
Distinguished Encoding Rules (DER): An X.509 encoding format.
domain validation digital certificate: Certificate that verifies the identity of the entity that has control over the domain name.
email digital certificate: A certificate that allows a user to digitally sign and encrypt mail messages.
Encapsulating Security Payload (ESP): An IPsec protocol that encrypts packets.
expiration: The date of a digital certificate when it ceases to function.
Extended Validation (EV) certificate: Certificate that requires more extensive verification of the legitimacy of the business than does a domain validation digital certificate.
Hypertext Transport Protocol Secure (HTTPS): HTTP sent over TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
intermediate certificate authority (CA): An entity that processes the CSR and verifies the authenticity of the user on behalf of a certificate authority (CA).
Internet Protocol Security (IPsec): A protocol suite for securing Internet Protocol (IP) communications.
key escrow: A process in which keys are managed by a third party, such as a trusted CA.
key management: The administration by PKI of all the elements involved in digital certificates for digital certificate management of public keys and digital certificates.
machine/computer digital certificate: Certificate used to verify the identity of a device in a network transaction.
offline CA: A certificate authority that is not directly connected to a network.
online CA: A certificate authority that is directly connected to a network.
Online Certificate Status Protocol (OCSP): A process that performs a real-time lookup of a certificate's status.
Personal Information Exchange (PFX): An X.509 file format that is the preferred file format for creating certificates to authenticate applications or websites.
pinning: Hard-coding a digital certificate within a program that is using the certificate.
Privacy Enhancement Mail (PEM): An X.509 file format that uses DER encoding and can have multiple certificates.
public key infrastructure (PKI): The underlying infrastructure for the management of public keys used in digital certificates.
registration authority: An entity that is responsible for verifying the credentials of the applicant for a digital certificate.
root digital certificate: A certificate that is created and verified by a CA.
Secure Real-time Transport Protocol (SRTP): A protocol for providing protection for Voice over IP (VoIP) communications.
Secure Shell (SSH): An encrypted alternative to the Telnet protocol that is used to access remote computers.
Secure Sockets Layer (SSL): An early and widespread cryptographic transport algorithm that is now considered obsolete.
Secure/Multipurpose Internet Mail Extensions (S/MIME): A protocol for securing email messages.
self-signed: A signed digital certificate that does not depend upon any higher-level authority for authentication.
SSL stripping: An attack that manipulates SSL functions by intercepting an HTTP connection.
stapling: A process for verifying the status of a certificate by sending queries at regular intervals to receive a signed time-stamped response.
Subject Alternative Name (SAN): Also known as a Unified Communications Certificate (UCC), certificate primarily used for Microsoft Exchange servers or unified communications.
Transport Layer Security (TLS): A widespread cryptographic transport algorithm that replaces SSL.
Transport mode: An IPsec mode that encrypts only the data portion (payload) of each packet yet leaves the header unencrypted.
trust model: The type of trust relationship that can exist between individuals or entities.
tunnel mode: An IPsec mode that encrypts both the header and the data portion.
unauthentication mode of operation: An information service that provides a non-credentializing service such as confidentiality by a block cipher mode of operation.
user digital certificate: The endpoint of the certificate chain.
wildcard digital certificate: Certificate used to validate a main domain along with all subdomains.