Your company sells toys online through a large-scale web-based E-commerce system. You are applying for an X.509 certificate to support secure transmission. Which of the following is most feasible? (Wentz QOTD)
A. Submit a PKCS #10 file containing the key pair to the registration authority.
B. Install the issued certificate on the load balancer instead of the web servers.
C. Download a validated X.509 certificate in a .pfx file from the validation authority.
D. Authenticate to the certification authority for the approval of the certificate signing request.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Install the issued certificate on the load balancer instead of the web servers.
- The private key should be kept secret. It’s not a good idea to submit a PKCS #10 file containing the key pair, which includes the private key, to the registration authority.
- The registration authority authenticates the applicant for the approval of the certificate signing request.
- A validated X.509 certificate in a .pfx file is downloaded from the certificate authority.
- The issued certificate should be on the web servers. However, it’s common to install the issued certificate on the load balancer to offload the SSL/TLS traffic from web servers.
- Public key infrastructure
- Digital Certificate
- X.509 Extensions
- Privacy-Enhanced Mail (PEM)
- SSL Certificate Formats
- Certificate signing request
- Manually Generate a Certificate Signing Request (CSR) Using OpenSSL
- What Is SSL Offloading? How Does SSL Offloading Work?
- SSL Offloading Definition
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
貴公司通過一個大型網站的電子商務系統在線銷售玩具。 您正在申請X.509的數位憑證以支持安全傳輸。 以下哪項是最可行的？(QOTD)
A. 向註冊機構(RA)提交包含密鑰對(key pair)的PKCS #10文件。
B. 在負載平衡器而不是 Web 服務器上安裝頒發的憑證。