SP6-U3P7

.cer
Click the card to flip 👆
1 / 53
Terms in this set (53)
.cer
The file extension for an X.509 certificate that is stored in a binary file.
.P12
The file extension for a Personal Information Exchange Syntax Standard based on PKCS#12 that defines the file format for storing and transporting a user's private keys with a public key certificate.
.P7B
The file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption.
Authentication Header (AH)
An IPsec protocol that authenticates that packets received were sent from the source.
authentication mode of operation
An information service that provides credentialing by a block cipher mode of operation.
block cipher mode of operation
How block ciphers handle blocks of ciphertext by using a symmetric key block cipher algorithm to provide an information service.
Canonical Encoding Rules (CER)
An X.509 encoding format.
certificate attributes
Fields in an X.509 digital certificate that are used when parties negotiate a secure connection.
certificate authority (CA)
The entity that is responsible for digital certificates.
certificate chaining
Linking several certificates together to establish trust between all the certificates involved.
Certificate Revocation List (CRL)A list of certificate serial numbers that have been revoked.Certificate Signing Request (CSR)A user request for a digital certificate.cipher suiteA named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with TLS and SSL.code signing digital certificateCertificate used by software developers to digitally sign a program to prove that the software comes from the entity that signed it and that no unauthorized third party has altered it.common name (CN)The name of the device protected by the digital certificate.counter (CTR)A block cipher mode of operation that both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged.digital certificateA technology used to associate a user's identity to a public key and that has been "digitally signed" by a trusted third party.Distinguished Encoding Rules (DER)An X.509 encoding format.domain validation digital certificateCertificate that verifies the identity of the entity that has control over the domain name.email digital certificateA certificate that allows a user to digitally sign and encrypt mail messages.Encapsulating Security Payload (ESP)An IPsec protocol that encrypts packets.expirationThe date of a digital certificate when it ceases to function.Extended Validation (EV) certificateCertificate that requires more extensive verification of the legitimacy of the business than does a domain validation digital certificate.Hypertext Transport Protocol Secure (HTTPS)HTTP sent over TLS (Transport Layer Security) or SSL (Secure Sockets Layer).intermediate certificate authority (CA)An entity that processes the CSR and verifies the authenticity of the user on behalf of a certificate authority (CA).Internet Protocol Security (IPsec)A protocol suite for securing Internet Protocol (IP) communications.key escrowA process in which keys are managed by a third party, such as a trusted CA.key managementThe administration by PKI of all the elements involved in digital certificates for digital certificate management of public keys and digital certificates.machine/computer digital certificateCertificate used to verify the identity of a device in a network transaction.offline CAA certificate authority that is not directly connected to a network.online CAA certificate authority that is directly connected to a network.Online Certificate Status Protocol (OCSP)A process that performs a real-time lookup of a certificate's status.Personal Information Exchange (PFX)An X.509 file format that is the preferred file format for creating certificates to authenticate applications or websites.pinningHard-coding a digital certificate within a program that is using the certificate.Privacy Enhancement Mail (PEM)An X.509 file format that uses DER encoding and can have multiple certificates.public key infrastructure (PKI)The underlying infrastructure for the management of public keys used in digital certificates.registration authorityAn entity that is responsible for verifying the credentials of the applicant for a digital certificate.root digital certificateA certificate that is created and verified by a CA.Secure Real-time Transport Protocol (SRTP)A protocol for providing protection for Voice over IP (VoIP) communications.Secure Shell (SSH)An encrypted alternative to the Telnet protocol that is used to access remote computers.Secure Sockets Layer (SSL)An early and widespread cryptographic transport algorithm that is now considered obsolete.Secure/Multipurpose Internet Mail Extensions (S/MIME)A protocol for securing email messages.self-signedA signed digital certificate that does not depend upon any higher-level authority for authentication.SSL strippingAn attack that manipulates SSL functions by intercepting an HTTP connection.staplingA process for verifying the status of a certificate by sending queries at regular intervals to receive a signed time-stamped response.Subject Alternative Name (SAN)Also known as a Unified Communications Certificate (UCC), certificate primarily used for Microsoft Exchange servers or unified communications.Transport Layer Security (TLS)A widespread cryptographic transport algorithm that replaces SSL.Transport modeAn IPsec mode that encrypts only the data portion (payload) of each packet yet leaves the header unencrypted.trust modelThe type of trust relationship that can exist between individuals or entities.tunnel modeAn IPsec mode that encrypts both the header and the data portion.unauthentication mode of operationAn information service that provides a non-credentializing service such as confidentiality by a block cipher mode of operation.user digital certificateThe endpoint of the certificate chain.wildcard digital certificateCertificate used to validate a main domain along with all subdomains.