Help Center>
Edge Data Center Management>
User Guide>
System>
About>
Certificate Authority Service>
Certificate Authority Service Overview>
Definition
Updated on 2022-04-02 GMT+08:00
Definition
Concepts
- Certificate Authority (CA): An authoritative and impartial third-party organization responsible for issuing, authenticating, and managing certificates. A CA is a tree structure consisting of a root CA and multiple subordinate CAs.
- Certificate Revocation List (CRL): A list of certificates that have been revoked by the issuing CA before their scheduled expiration date. It is a kind of certificate blacklist.
- Root CA: The top-level CA in the CA hierarchy. It is the start point of the entire CA chain of trust. The corresponding CA certificate is self-signed and does not need to be verified by other CAs.
- Subordinate CA: A certificate authority signed by the root CA or other subordinate CAs.
- Certificate chain: An ordered list of certificates from multiple levels of CAs. A certificate chain verifies the certificates issued by the lowest-level CA in the certificate chain.
- End-entity certificate: A certificate that does not use its key to issue other certificates.
- One-way TLS: A secure communication protocol that uses digital certificates to encrypt communication packets. The client uses a trusted certificate to authenticate the server.
- Two-way TLS: The server and the client use a trusted certificate to authenticate each other.
- Endorsement Key (EK): A key generated by the vendor of a Trusted Platform Module (TPM) chip to uniquely identify the TPM chip. According to the Trusted Computing Group (TCG) specifications, the TPM stores the EK certificate issued by a trusted third party to verify the validity of the EK. The EK is important private information and cannot be used for signature.
- Attestation Key (AK): A key used in remote attestation to prevent EKs from being disclosed. It is used to sign measurement data (such as the PCR value) stored in the TPM. An AK certificate is a certificate obtained using the privacy CA protocol, containing information such as the public AK and CA issuer.
- Certificate Signing Request (CSR): Certificate signing request. In Public Key Infrastructure (PKI) systems, a certificate signing request is a message sent from an applicant to a CA in order to apply for a digital certificate. PKCS#10 defines the syntax of a certificate request, which usually contains the public key for which the certificate should be issued, identifying information (such as a domain name) and integrity protection (such as a digital signature).
Parent topic: Certificate Authority Service Overview
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
