Created by:

Now, you should get a validation email

Once you access your Namecheap dashboard, within a few minutes. Click on the link
you’ll see an overview of all your products, inside that email, and you’ll get a
including domains and SSL certificates. If there second message, including your new
are any certificates about to expired (or already certificate files (in .crt format).

Diaz, Jaira Mae B.

past the due date), you’ll see an Activate option:

1. ACME (Automated Certificate Management Environment)

CEIT-37-701A
2. SCEP (Simple Certificate Enrollment Protocol)
3. EST (Enrollment over Secure Transport) 3. Validate
your SSL
2. Activate Namecheap asks you to contact the
Certificate Namecheap support team so they can install
your SSL the renewed files for you. However, this isn’t set
in stone across the board, so check your host’s
Certificate documentation for the optimal approach.
Once a requester obtains a digital certificate and a signed public Enrollment
key, they can install this certificate onto an endpoint, which, from
then on, becomes a trusted network entity. It should be noted that
Post- Protocols
the accepted best practice for certificate usage is to.
Enrollment
Usage of
Certificates
4. Install your
Involves the requester generating a key pair (one public, new SSL
and one private key), sending only the public key to a CA
along with a CSR (Certificate Signing Request), and then
The first thing you need to do is
generate a CSR from your web host,
Certificate
receiving a CA-signed public key and a TLS(Transport
which validates your server’s identity.
Layer Security) certificate which they can then install on
an endpoint. Let’s take a look at how this plays out.

Enrollment
Procedure 1. Generate a
New CSR
Public Key
Refers to tools used to create
and manage public keys for
Infrastructure
Certificate owner encryption, which is a common
method of securing data
Secure Sockets
is no longer
deemed trusted.
transfers on the internet.
Layer

ENROLLING RENEW
CERTIFICATES CERTIFICATES

Secure Sockets Layer (SSL) and

SECURE Transport Layer Security (TLS)
MODULE 6: NETWORK are the most common types of
REVOKE

TRAFFIC BY PKI. Both employ a hybrid

Encryption keys
CERTIFICATES MANAGING cryptosystem that uses both
of the certificate USING
have been CERTIFICATES CERTIFICATES types of encryption. A server’s
compromised certificate has an asymmetric
private and public pair, and the
BACKUP AND Transport Layer session key that the server
CERTIFICATE RESTORE Security creates is symmetrical.
AUTHORITY OR CERTIFICATES
HIERARCHY AND PRIVATE
KEYS

Usage
Requirement to
Errors within an backup a
issued certificate To back up a Certificate Services private key, use the Certification
3 Major Tasks
certificate
Authority MMC snap-in, or the certutil command (with -backup
services private or –backup key specified). Backing up the private key with the
key Certification Authority MMC snap-in or certutil results in the
Change in usage private key being written to PKCS #12 file.
of the certificate Hierarchy
Best Practices to
Digital Store the Private
Certificate Key

Created for: Keystores (PFX and KS files)

Hardware Storage: USB Tokens, Smart
Information Assurance and Security 2 Cards, and Hardware Storage Module
Prof. Joy Salazar