Enterprise Certificate Authority
From MgmtWiki
Full Title or Meme
Any Certificate Authority that is designed to apply to people, natural or otherwise, that are known to the Enterprise.
Context
- Typically, an Enterprise Certificate Authority operates via Client Certificates issued to a digital Identifier, which is in turn issued to an Entity that has some means to control access to a protected Private Key used for Authentication.
- The most common form of Authentication is via Client Certificates, which bind the Entity Identifier to a Client Certificate that is used in a TCP connection with Mutual Authentication to carry proof of possession not only of the server's key but also of the Client's key.
- The most common form of Mutual Authentication uses mTLS, or mutual Transport Layer Security.
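The server side of the mTLS arrangement described above, as an added example that is not part of the original wiki page: a Python `ssl` context that requires a Client Certificate, and a mapping from the verified certificate to an Entity Identifier. The function names, the issuer name "Example Enterprise CA", the identifier format and the sample certificate are assumptions made for illustration.

```python
import ssl

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Corp"),), (("commonName", "alice"),)),
    "issuer": ((("commonName", "Example Enterprise CA"),),),
    "subjectAltName": (("email", "alice@example.com"),),
}

def server_context(ca_file=None, cert_file=None, key_file=None, require_client_cert=True):
    """TLS server context that trusts only the enterprise CA for client certificates."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # server's own key and certificate
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # enterprise CA only, no system store
    # A server context defaults to CERT_NONE (one-way TLS). CERT_REQUIRED makes the
    # handshake fail unless the client proves possession of a certified private key.
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    return ctx

def entity_identifier(peercert, expected_issuer_cn):
    """Map a client certificate (dict from getpeercert()) to an Entity Identifier."""
    # getpeercert() returns None when no certificate was sent and an empty dict
    # when the certificate was not validated; neither may authenticate anyone.
    if not peercert:
        raise PermissionError("no validated client certificate")
    # Chain validation is done by the TLS stack; this issuer check only guards
    # against a trust store that holds more CAs than intended.
    issuer = dict(rdn[0] for rdn in peercert.get("issuer", ()))
    if issuer.get("commonName") != expected_issuer_cn:
        raise PermissionError("certificate not issued by the enterprise CA")
    # Prefer a subjectAltName identifier, fall back to the subject common name.
    for kind, value in peercert.get("subjectAltName", ()):
        if kind in ("email", "URI"):
            return f"{kind}:{value}"
    subject = dict(rdn[0] for rdn in peercert.get("subject", ()))
    if "commonName" in subject:
        return "cn:" + subject["commonName"]
    raise PermissionError("certificate carries no usable identifier")

if __name__ == "__main__":
    print(entity_identifier(SAMPLE_PEERCERT, "Example Enterprise CA"))
```

In a real service, `entity_identifier` would be called with `conn.getpeercert()` after the handshake on a socket wrapped by `server_context(...)`.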
Problems
There have been multiple vulnerabilities reported to the US Government.