Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Copyright
    Acknowledgments
    Foreword
    Introduction
    Pt. 1. Foundations of PKI
    Pt. 2. Establishing a PKI
    Pt. 3. Deploying Application-Specific Solutions
    Ch. 17. Identity Lifecycle Manager 2007 Certificate Management
    Ch. 18. Archiving Encryption Keys
    Ch. 19. Implementing SSL Encryption for Web Servers
    Ch. 20. Encrypting File System
    Ch. 21. Deploying Smart Cards
    Ch. 22. Secure E-Mail
    Ch. 23. Virtual Private Networking
    Ch. 24. Wireless Networking
    Ch. 25. Document and Code Signing
    Ch. 26. Deploying Certificates to Domain Controllers
    Ch. 27. Network Device Enrollment Service
    Appx. A. Case Study Questions and Answers
    Chapter 1: Cryptography Basics
    Chapter 2: Primer to PKI
    Chapter 3: Policies and PKI
    Chapter 4: Preparing an Active Directory Environment
    Chapter 5: Designing a Certification Authority Hierarchy
    Chapter 6: Implementing a CA Hierarchy
    Chapter 7: Upgrading Your Existing Microsoft PKI
    Chapter 8: Verifying and Monitoring Your Microsoft PKI
    CA Hierarchy Verification Questions
    Monitoring Questions
    Chapter 9: Securing a CA Hierarchy
    Chapter 10: Certificate Revocation
    Chapter 11: Certificate Validation
    Troubleshooting Exercise
    Chapter 12: Designing Certificate Templates
    Chapter 13: Role Separation
    Chapter 14: Planning and Implementing Disaster Recovery
    Chapter 15: Issuing Certificates
    Chapter 16: Creating Trust Between Organizations
    Chapter 17: Identity Lifecycle Manager 2007 Certificate Management
    Chapter 18: Archiving Encryption Keys
    Chapter 19: Implementing SSL Encryption for Web Servers
    Chapter 20: Encrypting File System
    Chapter 21: Deploying Smart Cards
    Chapter 22: Secure E-Mail
    Chapter 23: Virtual Private Networking
    Chapter 24: Wireless Networking
    Chapter 25: Document and Code Signing
    Chapter 26: Deploying Certificates to Domain Controllers
    Chapter 27: Network Device Enrollment Service
    Appx. B. About the Author
    Index
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint
    Share this Page URL
    Help

    Part 3: Deploying Application-Specific S... > Chapter 16: Creating Trust Between O...

    A.19. Chapter 16: Creating Trust Between Organizations

    Q:Which CA in the production hierarchy must be issued the Cross Certification Authority certificate to satisfy the design requirements?
    A:It must be issued to The Phone Company South CA. If you issue the Cross Certification Authority certificate to The Phone Company Policy CA, certificates could be trusted from The Phone Company Policy CA and its two subordinate CAs: The Phone Company North CA and The Phone Company South CA, subject to any defined basic constraints.
    Q:What CA must be used to issue the Cross Certification Authority certificate on the test network to satisfy the design requirements?
    A:The Cross Certification Authority certificate can be issued by either The Phone Company Test North CA or The Phone Company Test South CA. Both CAs are enterprise CAs, and there are no restrictions on which issuing CA must be used. It is easier to work with two CAs at the same location (Barcelona), so this example uses The Phone Company Test South CA.
    Q:If the Cross Certification Authority certificate is issued to the The Phone Company Policy CA, what lines must be included in the Policy.inf file to recognize certificates issued by the The Phone Company South CA?
    A:[BasicConstraintsExtension]

    PathLength = 1

    Q:If the Cross Certification Authority certificate is issued to the The Phone Company South CA, what lines must be included in the Policy.inf file to recognize certificates issued by the The Phone Company South CA?
    A:[BasicConstraintsExtension]

    PathLength = 0

    Q:What name constraints are required in the Policy.inf file to limit permitted certificates to the single certificate issued to the software development manager?
    Q:What application policy entries are required in the Policy.inf file to limit the certificates to only code-signing certificates?
    Q:Assuming that the Cross Certification Authority certificate is issued by the The Phone Company Test South CA to the The Phone Company South CA, how does the certificate chain for the manager’s certificate look when viewed on a computer running Windows XP in the certification forest?
    A:The Phone Company Test Root CA => The Phone Company Test Policy CA => The Phone Company Test South CA => The Phone Company South CA => The Phone Company
    Q:Assuming that the Cross Certification Authority certificate is issued by the The Phone Company Test South CA to the The Phone Company South CA, how does the certificate chain for the manager’s certificate look when viewed on a computer running Windows Vista in the production forest?
    A:The Phone Company Root CA => The Phone Company Policy CA =>The Phone Company


      

    You are currently reading a PREVIEW of this book.

                                                                                            

    Get instant access to over
    $1 million worth of books and videos.

      

    Start a Free Trial