The following table lists terms and definitions used in this PKI configuration discussion.
| Term | Definition |
|---|---|
| PKI certificate list | One or more X.509 certificates grouped together in a list. |
| X.509 certificate | A certificate issued by a certification authority that binds a public key to an organizational or common name or to an alternative DNS entry. |
| Online Certificate Status Protocol (OCSP) | An Internet protocol, defined in RFC 2560, used for obtaining the revocation status of an X.509 digital certificate. |
| OCSP certificate revocation | The ability of a Certificate Authority (CA) to revoke an issued certificate's authorization before that certificate's expiration date, for example when a user or CA is compromised or when a newer certificate has been issued. |
| Certificate Authority (CA) | The entity that digitally signs and publishes an X.509 certificate binding a public key to a given user, using the CA's own private key, so that the user's key can be trusted. |
| OCSP Responder (OCSR) | An online entity that returns a signed response stating that the certificate specified in the OCSP request is good, revoked, or unknown. |
| certificate authorization | The step in the login procedure, after authentication, that determines what the certificate owner is allowed to do. |
| certificate authentication | The SSH server's verification of the user certificate's issuance chain back to the CA, in order to determine whether the user is who they claim to be. |