Exam SY0-701 topic 1 question 401 discussion

When a private key for a website is stolen, the certificate associated with that key is considered compromised. The next important step is to update the Certificate Revocation List (CRL) to include the old certificate so that clients and browsers know that it should no longer be trusted.

A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked. When a private key is compromised, the corresponding certificate should be revoked to prevent its further use. By updating the CRL, the system can validate the authenticity of certificates and prevent unauthorized access.

D. CSR (Certificate Signing Request). Explanation: When a private key is compromised, the entire certificate needs to be reissued. This involves the following steps: Generate a new CSR: A new Certificate Signing Request (CSR) is generated, which includes the public key associated with the new private key. Submit the CSR to the CA: The new CSR is submitted to the Certificate Authority (CA) for verification and signing. Issue a new certificate: The CA issues a new digital certificate that is bound to the new public key. Once the new certificate is issued, it needs to be installed on the web server. The other options (SCEP, CRL, and OCSP) are related to certificate management and revocation, but they are not directly affected by the compromise of the private key and the issuance of a new certificate.

Simple Certificate Enrollment Protocol *Certificate Revocation List Offensive Security Certified Professional Certificate Signing Request