Third-Party Certificate Authority Compromise: New Certificate Issuance Process

Receiving New Certificates after Third-Party Certificate Authority Compromise


Question

A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued.

Which of the following should the administrator submit to receive a new certificate?

Answers

A. CRL
B. OCSP
C. PFX
D. CSR
E. CA

Explanations

D.

When a third-party certificate authority (CA) is compromised, it means that an attacker has gained access to the CA's private key and can use it to create fraudulent digital certificates that impersonate trusted entities or allow encrypted communications to be intercepted. In such a scenario, the CA will typically revoke all of the affected certificates and issue new ones.

To receive a new certificate, the security administrator needs to submit a Certificate Signing Request (CSR). A CSR is a message that contains information about the entity requesting the certificate, such as the domain name, organization name, and public key. The CSR is signed with the requester's private key, which lets the CA verify that the requester holds the private key matching the public key in the request.

Option A, CRL (Certificate Revocation List), is a list of revoked certificates that a CA publishes periodically to inform relying parties that certain certificates are no longer trusted. This is not relevant to the process of obtaining a new certificate.

Option B, OCSP (Online Certificate Status Protocol), is a protocol used to check the revocation status of a certificate in real time. This is not relevant to the process of obtaining a new certificate.

Option C, PFX (Personal Information Exchange), is a file format used to store a user's private key and digital certificate. This is not relevant to the process of obtaining a new certificate.

Option E, CA (Certificate Authority), is the entity that issues and manages digital certificates. The CA is the one that the security administrator would need to contact to obtain a new certificate, but the administrator would still need to submit a CSR as part of the process.

Therefore, the correct answer is D, CSR (Certificate Signing Request).
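
The CSR step described above, as an added example using the OpenSSL command line (not part of the original page): it generates a fresh key pair and CSR, then runs the checks worth doing before submission, including the self-signature the CA verifies. The host name `www.example.test`, the organisation and the file names are constructed.

```shell
#!/bin/sh
# Added example. The host name, organisation and file names are constructed.

# Generate a fresh key pair and a CSR for it. The private key never leaves <dir>.
new_key_and_csr() {   # usage: new_key_and_csr <dir> <common-name> <organisation>
    ( umask 077   # key file readable by its owner only
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1/server.key" 2>/dev/null ) || return 1
    # The CSR carries the subject and the public key, signed with the private key.
    openssl req -new -sha256 -key "$1/server.key" \
        -subj "/O=$3/CN=$2" -out "$1/server.csr"
}

# The CA checks this signature as proof that the requester holds the private key.
# The wording and output stream differ between OpenSSL versions, so match the text.
csr_signature_ok() {   # usage: csr_signature_ok <csr>
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Confirm the CSR was built from the key you intend to deploy.
csr_matches_key() {   # usage: csr_matches_key <csr> <key>
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Only the CSR is submitted; it must not contain private key material.
csr_is_submittable() {   # usage: csr_is_submittable <csr> <key>
    csr_signature_ok "$1" && csr_matches_key "$1" "$2" &&
        ! grep -q "PRIVATE KEY" "$1"
}

work=$(mktemp -d)
if new_key_and_csr "$work" www.example.test "Example Org" &&
   csr_is_submittable "$work/server.csr" "$work/server.key"; then
    openssl req -in "$work/server.csr" -noout -subject
    echo "submit $work/server.csr to the CA; keep $work/server.key private"
fi
```

The CA returns a certificate bound to the public key in the CSR, so the certificate is only usable together with `server.key`.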