

Decommissioning Certification Authorities

Secure Passage
Abstract
Certification Authorities (CAs) based on Public Key Infrastructure (PKI) are in regular use throughout the world. While increasing numbers of CAs are initiated each month, the time may have come to decommission a "pioneer" CA installed in the early years of commercial PKI, roughly 1995-1999. Business, financial or legal reasons, or simply technology shelf life, may lead to terminating a CA. Terminating a CA is as important an event as its initiation; both require planning for physical, logical and human aspects. Security of information and reputation are at risk. The current and future needs of subscribers and other relying parties require consideration. In contrast to the many sources available to learn about setting up a CA, there is a shortage of published reports and best practices on decommissioning a Certification Authority. Standards organizations provide a few guidelines for defining CA termination in the CA's Certificate Policy (CP) and Certification Practice Statement (CPS). This paper reviews these guidelines and discusses terminating a Certification Authority.