Inside PKI X.509 v3 certificates
- Expiring identities with certificate lifetimes
- Verifying identities with Subject Alternative Name
- Binding identities to certificates
Establishing trust via certificates
- Validating trust with digital signatures
- Creating entity trust by importing a root CA
- Distributing trust to subordinate CAs
- Flowing trust with domain Group Policy Object GPO
Building an enterprise trust hierarchy
- Publishing Certificate Revocation Lists (CRLs)
- Increasing security with an offline root CA
- Accessing directories with LDAP
- Configuring Online Certificate Status Protocol OCSP
Trusting an external identity provider
- Forming a certificate chain
- Locating the CA Trust Anchor