Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
- The CA is always required, even after user verification is complete.
- The users must obtain the certificate of the CA and then their own certificate.
- After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.
- CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network.
Answers Explanation & Hints: When two users must authenticate each other using digital certificates and CA, both users must obtain their own digital certificate from a CA. They submit a certificate request to a CA, and the CA will perform a technical verification by calling the end user (out-of-band). Once the request is approved, the end user retrieves the certificate over the network (in-band) and installs the certificate on the system. After both users have installed their certificate, they can perform authentication by sending their certificate to each other. Each site will use the public key of the CA to verify the validity of the certificate; no CA is involved at this point. If both certificates are verified, both users can now authenticate each other.