The following table lists terms and definitions used in this PKI configuration discussion.
PKI Configuration Terms and Definitions
| Term | Definition |
|---|---|
| PKI certificate list | One or more X.509 certificates grouped together in a list. |
| X.509 certificate | A certificate issued by a certification authority that binds a public key to an organizational or common name or an alternative DNS-entry. |
| Online Certificate Status Protocol (OCSP) | An Internet protocol, defined in RFC 2560, used for obtaining the revocation status of an X.509 digital certificate. |
| OCSP certificate revocation | The ability of a Certificate Authority (CA) to revoke an issued certificate‘s authorization prior to the issued certificate‘s expiration date in such cases as a compromised user or CA or the issuing of a newer certificate. |
| Certificate Authority (CA) | The digital signing and publishing of a public key bound to a given user based upon X.509 certificate private key that provides trust to the user key. |
| OCSP Responder (OCSR) | An online entity that returns a signed response signifying that the specified certificate in the OCSP request is good, revoked, or unknown. |
| certificate authorization | The step in the login procedure after authentication that determines what the certificate owner is allowed to do. |
| certificate authentication | The verification of the user certificate‘s issuance chain back to the CA by the SSH server in order to determine whether the user is who they claim to be. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB