Duration: 5 days – 35 hrs
Overview
PKI training course implement and manage course helps any individual to gain knowledge in managing robust PKI and having better understanding of topics surrounding public key infrastructure. Moreover, the PKI course is a preparation for the increasingly critical component which ensures confidentiality, integrity, and authentication in an enterprise. Our PKI course provides the knowledge and skills necessary to select, design and deploy PKI, to secure existing and future applications within your organization. It also gives a deeper look into the foundations of cryptography and the working principles of the algorithms being used.
Objectives
Throughout the whole course, participants will gain in-depth knowledge on the following topics:
- Legal aspects of a PKI
- Elements of a PKI
- PKI management
- Trust in a digital world
- Digital signature implementation
- Trust models
- Smart Cards
- NDES, CEP/CES
- SSL
- OCSP
- To introduce the student to the theoretical aspects of the foundations and benefits of Public Key Infrastructure (PKI), including different types of encryptions, digital signatures, digital certificates and Certificate Authorities.
- To give students hands on experience of implementing and using PKI solutions with a variety of applications.
- To give students an understanding of the concepts of evaluating and selecting PKI technologies.
Audience
This course is recommended for anyone using, managing, deploying or designing PKI solutions with ADCS components.
Prerequisites
Must have basic knowledge of Windows Servers and Networking.
Course Content
Introduction to PKI
- Basic Security Concepts
- Public Key Infrastructure Defined
- Digital Certificates and Signatures
- Smart Cards
- PKI Standards
- Basic cryptography
- Uses of Cryptography
- History of Cryptography including early methods
- Symmetric and Asymmetric Encryption plus Algorithms
- Diffie-Hellman Key Generation
- Hashing for Integrity plus Algorithms
- Cryptographic Functions
- Hashing
- Cryptographic Keys
- Key Types
- Key Lengths
- Certificate Revocation Lists (CRL)
- Base and Delta CRL Overview
- CRL Overlap
- Design Principles
Online Certificate Status Protocol (OCSP)
- Key recovery
- Installing a CA and issuing certificates
Smart Card Logon
- Smart Card Concept
- Working and Logon Process in Detail
SSL in Detail
- Working of SSL using Network Traces
- Troubleshooting of SSL issues
- Discuss some common error codes
Certificates & Certificate Stores
- Digital Certificates
- Keypairs
- Windows Certificate Stores
Lab: Deploy a 2-tier PKI
- Certificate Validation
- Chain Building
- Revocation checking
- Troubleshooting Tools and Techniques
Lab: Online Certificate Status Protocol
- Overview
- OCSP Process
- Limitations
- Design Configurations
- Weaknesses
Enterprise Templates
- Overview
- Template Schema Versions
- Template Properties
- Template Configuration Versioning
Certificate Enrollment Types
- Enrollment Overview
- Certificate Authority Web Enrollment (CAWE)
- Cross Forest Enrollment
Automated Certificate Enrollment
- Certificate Autoenrollment Overview
- Group Policy Settings
- Autoenrollment Processes
- Troubleshooting
Certificate Enrollment Web Services (CES/CEP) and NDES (SCEP)
- Overview
- Infrastructure Requirements
- Installation & Configuration
- Top 5 Deployment Issues
- Top 10 Risks
- Whats new
- Summary of Public Key Infrastructure
- Troubleshooting
- Common ADCS Mistakes
- ADCS Known Issues
- Troubleshooting CA Issues
- ADCS Debug Logs
- ADCS Configuration
- Certutil
- Hands on with OpenSSL
- Summary and Closing
