PrepAway - Latest Free Exam Questions & Answers

Which of the following is a valid FIRST step?

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST
step?

A. Generate a new private key based on AES.

B. Generate a new public key based on RSA.

C. Generate a new public key based on AES.

D. Generate a new private key based on RSA.

Explanation:

2 Comments on “Which of the following is a valid FIRST step?”

  1. Mike says:

    The user’s computer must initiate a certificate signing request (CSR) and present two items of information: The first is proof of the user’s identity; the second is a public key. This public key is then matched to the CA’s private key, and if successful the certificate is granted to the user.
  2. meac says:

    Keys, public or otherwise, can only be created using RSA.
    This automatically eliminates A and C, as AES is the protocol in use.

    So it is a toss-up between: “B. Generate a new public key based on RSA.” and “D. Generate a new private key based on RSA.”

    A CSR or “Certificate Signing Request” is a block of encrypted text that is generated on the SERVER that the certificate will be used on.
    It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country.
    It also contains the public key that will be included in your certificate.
    A private key is usually created at the same time that you create the CSR.

    So the order of things is as follows:
    (1) You create the RSA-based private key first and then
    (2) create the matching public key from it, which you include in the certificate signing request (CSR) that you send to the Certificate Authority (CA).
    (3) The RSA algorithm technically creates the private key first, but most applications that create the key pair appear to create them at the same time. A session key is a symmetric key, but RSA is an asymmetric algorithm.
    (4) The CA generates the certificate revocation list (CRL) to identify revoked certificates.

    Online Certificate Status Protocol (OCSP) is an alternative to using CRLs to validate certificates, but it is not required.

    So before creating a CSR, the applicant first generates a key pair, keeping the private key secret.
    ** The private key is needed to produce, but it is not part of, the CSR.
    ** The private key is an RSA key.
    ** The private encryption key that will be used to protect sensitive information.
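The key-first, CSR-second order discussed in the comments above, as an added example that is not part of the original page or of either commenter's post. It uses the `openssl` command line; the file names, 2048-bit key size and subject values are constructed for illustration.

```shell
# Added example (not from the original page). File names, key size and
# subject values are constructed for illustration.

make_csr() {            # $1 = working directory
    # Step 1: generate the RSA private key; it stays on this host.
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null )
    # Step 2: create the CSR. openssl derives the public key from the
    # private key, embeds it, and signs the request with the private key.
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/L=Springfield/O=Example Corp/CN=www.example.com"
}

csr_signature_ok() {    # self-signature = proof of possession of the key
    openssl req -in "$1/server.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

csr_matches_key() {     # public key in the CSR == public key of server.key
    [ "$(openssl req -in "$1/server.csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.key" -pubout)" ]
}

csr_has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$1/server.csr"
}

work=$(mktemp -d)
make_csr "$work"
if csr_signature_ok "$work" && csr_matches_key "$work" \
        && csr_has_no_private_key "$work"; then
    echo "CSR verifies, carries the matching public key, no private key inside"
fi
rm -rf "$work"
```

Only `server.csr` is sent to the CA; `server.key` is kept with owner-only permissions on the host that will use the certificate.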
