You are applying for a certificate to support HTTPS on a webserver for E-Commerce. Which of the following should you submit to the registration authority? (Wentz QOTD)
A. The openssl utility and 3072 bits key.
B. The key pair and government-issued ID.
C. The certificate signing request only.
D. The certificate signing request and the private key.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. The certificate signing request only.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
The private key is a secret under your custody. You don't need to submit it to the registration authority (RA). A certificate signing request (CSR) file and identity-proof documents are typically required to apply for a certificate. Some RAs provide online services that generate the key pair (public key and private key) for customers. However, I personally don't trust those online services that may collect or disclose my private key. I prefer to generate one locally using a key generation tool, e.g., openssl.
Jaouhar Mosbahi provides a precise explanation as follows:
- How to: Sign application and deployment manifests
- Manually Generate a Certificate Signing Request (CSR) Using OpenSSL
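The local workflow described above, as an added example that is not part of the original post: generate a 3072-bit RSA key pair with openssl, build a CSR from it, and check that the file you hand to the RA verifies and carries no private-key material. The hostname, subject fields and file names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): generate a 3072-bit RSA key
# locally, create the CSR for it, and check what each file holds so that only
# the CSR leaves the machine. Hostname and subject are constructed values.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
KEY="$WORKDIR/shop.example.com.key"   # private key: never leaves the server
CSR="$WORKDIR/shop.example.com.csr"   # CSR: the only artifact sent to the RA/CA

# The CSR holds the public key, the requested subject/SANs, and a signature
# made with the private key, which proves possession without revealing it.
gen_key_and_csr() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out "$KEY" 2>/dev/null
  chmod 600 "$KEY"
  openssl req -new -key "$KEY" -out "$CSR" \
    -subj "/C=US/ST=California/L=San Jose/O=Example Shop Inc/CN=shop.example.com" \
    -addext "subjectAltName=DNS:shop.example.com,DNS:www.shop.example.com"
}

# Returns 0 when the CSR's self-signature verifies and the public key inside it
# is the one derived from our locally held private key.
verify_csr() {
  openssl req -in "$CSR" -noout -verify >/dev/null 2>&1 || return 1
  key_pub=$(openssl pkey -in "$KEY" -pubout -outform DER | openssl dgst -sha256)
  csr_pub=$(openssl req -in "$CSR" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  [ "$key_pub" = "$csr_pub" ]
}

# Returns 0 when the file about to be submitted contains no private-key block.
safe_to_submit() {
  ! grep -q "PRIVATE KEY" "$1"
}

gen_key_and_csr
verify_csr && safe_to_submit "$CSR" && echo "submit $CSR to the RA; keep $KEY local"
```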
You are applying for a digital certificate to support HTTPS on a web server for e-commerce. Which of the following should you submit to the registration authority? (Wentz QOTD)
A. The openssl utility and a 3072-bit key.
B. The key pair and government-issued ID.
C. The certificate signing request (CSR) only.