!MAIN COURSE BOOK! Chapple M. (ISC)2 CISSP Certified IS...Study Guide 9ed 2021.pdf

Public Key Infrastructure


The time savings come when the next user visits the website. The web server can simply reuse the stapled certificate without recontacting the OCSP server. As long as the timestamp is recent enough, the user will accept the stapled certificate without needing to contact the CA’s OCSP server again. It’s common to have stapled certificates with a validity period of 24 hours. That reduces the burden on an OCSP server from handling one request per user over the course of a day, which could be millions of requests, to handling one request per certificate per day. That’s a tremendous reduction.

Certificate Formats

Digital certificates are stored in files, and those files come in a variety of different formats, both binary and text-based:

■ The most common binary format is the Distinguished Encoding Rules (DER) format. DER certificates are normally stored in files with the .der, .crt, or .cer extension.

■ The Privacy Enhanced Mail (PEM) certificate format is an ASCII text version of the DER format. PEM certificates are normally stored in files with the .pem or .crt extension.

You may have picked up on the fact that the .crt file extension is used for both binary DER files and text PEM files. That’s very confusing! You should remember that you can’t tell whether a CRT certificate is binary or text without actually looking at the contents of the file.

■ The Personal Information Exchange (PFX) format is commonly used by Windows systems. PFX certificates may be stored in binary form, using either .pfx or .p12 file extensions.

■ Windows systems also use P7B certificates, which are stored in ASCII text format.

Table 7.2 provides a summary of certificate formats.

TABLE 7.2   Digital certificate formats

| Standard | Format | File extension(s) |
|---|---|---|
| Distinguished Encoding Rules (DER) | Binary | .der, .crt, .cer |
| Privacy Enhanced Mail (PEM) | Text | .pem, .crt |
| Personal Information Exchange (PFX) | Binary | .pfx, .p12 |
| P7B | Text | .p7b |
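Because a .crt file may hold either encoding, the reliable check is to inspect the bytes. The sketch below is an added example, not code from the book: it classifies a file by content and recovers the DER bytes from PEM. It goes slightly beyond the text by using the first inner ASN.1 tag to tell a DER certificate from a PFX container. The function names, file names and sample bytes are assumptions, and the samples are constructed stand-ins rather than real certificates.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----",
                    re.DOTALL)

def der_header_len(data):
    """Header size if data is exactly one DER SEQUENCE, else None."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = ASN.1 SEQUENCE tag
        return None
    if data[1] < 0x80:                        # short form: one length byte
        header, length = 2, data[1]
    else:                                     # long form: n length bytes follow
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return None
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header if header + length == len(data) else None

def sniff(data):
    """Return (encoding, der_bytes) judged from content, never the file name."""
    m = PEM_RE.search(data)
    if m:                                     # text: Base64 of DER between markers
        return "PEM " + m.group(1).decode(), base64.b64decode(m.group(2))
    h = der_header_len(data)
    if h is None or h >= len(data):
        return "unknown", b""
    # First inner tag: SEQUENCE for an X.509 certificate, INTEGER (version) for PFX.
    kind = {0x30: "DER certificate", 0x02: "PFX"}.get(data[h], "DER other")
    return kind, data

# Constructed stand-ins: structurally valid DER, not real certificates or keys.
SAMPLE_DER = bytes([0x30, 0x04, 0x30, 0x02, 0x05, 0x00])
SAMPLE_PFX = bytes([0x30, 0x03, 0x02, 0x01, 0x03])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
FILES = {"server.crt": SAMPLE_DER, "chain.crt": SAMPLE_PEM, "bundle.pfx": SAMPLE_PFX}

if __name__ == "__main__":
    for name, blob in FILES.items():
        print(name, "->", sniff(blob)[0])
```

Both .crt samples decode to the same DER bytes, which shows that PEM is only a text wrapper around DER.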

 

 

 
