
Designing and Managing a Windows Public Key Infrastructure

2 days
Training code: ms2821

Module 1: Overview of Public Key Infrastructure

Lessons

  • Introduction to PKI
  • Introduction to Cryptography
  • Certificates and Certification Authorities

Module 2: Designing a Certification Authority Hierarchy

Lessons

  • Identifying CA Hierarchy Design Requirements
  • Common CA Hierarchy Designs
  • Documenting Legal Requirements
  • Analyzing Design Requirements
  • Designing a CA Hierarchy Structure

Lab : Designing a CA Hierarchy

  • Identifying Applications and Certificate Holders
  • Identifying Technical and Business Requirements
  • Designing a CA Hierarchy

After completing this module, students will be able to:


  • Identify technical and business requirements for designing a CA hierarchy.
  • Describe common CA hierarchy designs.
  • Describe policies and documents for specifying the legal requirements of a CA hierarchy design.
  • Identify the impact of design requirements and determine design changes to a CA hierarchy design.
  • Design a CA hierarchy to meet business requirements.

Module 3: Creating a Certification Authority Hierarchy

Lessons

  • Creating an Offline CA
  • Validating Certificates
  • Planning CRL Publication
  • Installing a Subordinate CA

Lab : Installing an Offline CA

  • Configuring CAPolicy.inf for installing the Offline Root CA
  • Installing the Offline Root CA

Lab : Publishing CRLs and AIAs

  • Defining CRL and AIA Publication Settings
  • Publishing the CRL and AIA Information
  • Adding the Web Server to Local Intranet Sites

Lab : Implementing a Subordinate Enterprise CA

  • Installing the Subordinate Enterprise CA
  • Validating the PKI Health of your CA Hierarchy

After completing this module, students will be able to:


  • Create an offline root CA.
  • Design an infrastructure to validate certificates.
  • Design an infrastructure to publish CRLs.
  • Install a subordinate CA.

Module 4: Managing a Public Key Infrastructure

Lessons

  • Introduction to PKI Management
  • Managing Certificates
  • Managing Certification Authorities
  • Planning for Disaster Recovery

Lab : Enabling Role Separation

  • Defining CA Administrators and Certificate Managers
  • Restricting Certificate Managers
  • Generating Certificate Requests
  • Testing CA Administrator Tasks
  • Testing Certificate Manager Tasks
  • Enabling Certificate Services Auditing

Lab : Backing Up and Restoring a Certification Authority

  • Determining Backup Privileges
  • Backing Up Certificate Services
  • Removing the CA's Private Key from the CA Certificate Store
  • Restoring the System State Backup

After completing this module, students will be able to:


  • Describe the use of roles in PKI management.
  • Perform certificate management tasks.
  • Perform CA management tasks.
  • Plan for disaster recovery of Certificate Services.

Module 5: Configuring Certificate Templates

Lessons

  • Introduction to Certificate Templates
  • Designing and Creating a Certificate Template
  • Publishing a Certificate Template
  • Managing Changes in a Certificate Template

Lab : Delegating Certificate Template Management

  • Delegating Certificate Template Administration Permissions

Lab : Designing a Certificate Template

  • Reviewing an Existing Certificate Template
  • Designing the Custom Code Signing Certificate Template

Lab : Configuring Certificate Templates

  • Creating a Certificate Template
  • Publishing a Certificate Template
  • Enrolling the Certificate Template
  • Superseding a Certificate Template

After completing this module, students will be able to:


  • Describe the function of certificate templates in a Windows Server 2003 PKI.
  • Design and create a certificate template.
  • Publish a certificate template.
  • Replace an existing certificate template with an updated certificate template.

Module 6: Configuring Certificate Enrollment

Lessons

  • Introduction to Certificate Enrollment
  • Enrolling Certificates Manually
  • Autoenrolling Certificates

Lab : Enrolling Certificates

  • Choosing an Enrollment Method
  • Enrolling Computer Certificates by Using the Certificate Enrollment Wizard
  • Creating a User Certificate Template that Enables Autoenrollment
  • Deploying the Certificates by Using Autoenrollment

After completing this module, students will be able to:


  • Select the appropriate certificate enrollment method for a given scenario.
  • Enroll certificates manually.
  • Autoenroll certificates.
  • Enroll smart card certificates.

Module 7: Configuring Key Archival and Recovery

Lessons

  • Introduction to Key Archival and Recovery
  • Implementing Manual Key Archival and Recovery
  • Implementing Automatic Key Archival and Recovery

Lab : Configuring Key Recovery

  • Publishing the Key Recovery Agent Certificate Template
  • Enrolling the Key Recovery Agent Certificates
  • Implementing Key Recovery on an Enterprise CA
  • Creating an Archive-enabled Certificate Template
  • Acquiring an ArchiveEFS Certificate
  • Performing Key Recovery

After completing this module, students will be able to:


  • Describe the key archival and recovery process in a Windows Server 2003 PKI.
  • Implement manual key archival and recovery.
  • Implement automatic key archival and recovery.

Module 8: Configuring Trust Between Organizations

Lessons

  • Introduction to Advanced PKI Hierarchies
  • Qualified Subordination Concepts
  • Configuring Constraints in a Policy.inf File
  • Implementing Qualified Subordination

Lab : Implementing a Bridge CA

  • Creating a Qualified Subordination Signing Certificate Template
  • Configuring a Policy.inf File
  • Requesting a Qualified Subordination Signing Certificate
  • Generating a Cross Certification Authority Certificate for the Bridge CA
  • Modifying the Policy.inf File on the Bridge CA
  • Creating the Cross Certification Authority Certificate
  • Publishing the Bridge CA Cross Certification Authority Certificates
  • Issuing Certificates that Meet Qualified Subordination Constraints

After completing this module, students will be able to:


  • Describe advanced PKI hierarchies.
  • Describe how constraints are used in qualified subordination.
  • Configure a policy.inf file to implement qualified subordination constraints.
  • Implement qualified subordination between CA hierarchies.

Module 9: Deploying Smart Cards

Lessons

  • Introduction to Smart Cards
  • Enrolling Smart Card Certificates
  • Deploying Smart Cards

Lab : Deploying Smart Cards

  • Modifying and Publishing the Enrollment Agent Certificate Template
  • Acquiring the Enrollment Agent Certificates
  • Creating a Custom Smart Card Certificate
  • Enabling the Downloading of Unsafe Microsoft ActiveX Controls
  • Performing Smart Card Enrollment Agent Requests
  • Configuring a Certificate to Require a Smart Card Signature during Autoenrollment
  • Signing an Autoenrollment Certificate Request with a Smart Card
  • Planning for Re-enrollment

After completing this module, students will be able to:


  • Describe the use of smart cards for authentication in a Windows Server 2003 PKI environment.
  • Deploy smart cards for authentication in a Windows Server 2003 PKI environment.

Module 10: Securing Web Traffic by Using SSL

Lessons

  • Introduction to SSL Security
  • Enabling SSL on a Web Server
  • Implementing Certificate-based Authentication

Lab : Deploying SSL Encryption at a Web Server

  • Enabling SSL Encryption in IIS
  • Securing the Security Virtual Folder
  • Enabling Certificate Mapping in Active Directory
  • Enabling Certificate Mapping in IIS

After completing this module, students will be able to:


  • Describe how security is implemented in a Web environment.
  • Configure IIS to implement SSL security.
  • Implement certificate-based authentication for Web applications.

Module 11: Configuring E-mail Security

Lessons

  • Introduction to E-mail Security
  • Configuring Secure E-mail Messages
  • Recovering E-mail Private Keys
  • Migrating a KMS Database to a CA Running Windows Server 2003

Lab : Securing E-mail Messages in Exchange Server 2003

  • Creating Exchange Server 2003 Mailboxes
  • Creating and Publishing S/MIME Certificate Templates
  • Configuring Outlook 2002
  • Sending Secure E-mail Between Organizations

After completing this module, students will be able to:


  • Describe how e-mail security is implemented by a server running Exchange in a Windows Server 2003 environment.
  • Secure e-mail messages in an Exchange 2003 environment.
  • Recover e-mail private keys.
  • Migrate a Key Management Service (KMS) database to a Windows Server 2003 Enterprise Edition enterprise CA.

This four-day, instructor-led course provides students with the knowledge and skills to design, deploy, and manage a public key infrastructure (PKI) to support applications that require distributed security. Students get hands-on experience implementing solutions to secure PKI-enabled applications and services, such as Microsoft Internet Explorer, Microsoft Exchange Server, Microsoft Internet Information Server, Microsoft Outlook, and remote access services.


This course is intended for IT systems engineers who are responsible for designing and implementing security solutions. Individuals should have the knowledge and experience to install and configure the Active Directory directory service and security mechanisms for computers running Microsoft Windows 2000 Server or the Windows Server 2003 family.


© 2018 U2U All rights reserved.