Course Overview:
This Public Key Infrastructure – Implement and Manage course helps any individual to gain knowledge in managing robust PKI and having better understanding of topics surrounding public key infrastructure. Moreover, the PKI course is a preparation for the increasingly critical component – which ensures confidentiality, integrity, and authentication in an enterprise. Our PKI course provides the knowledge and skills necessary to select, design and deploy PKI, to secure existing and future applications within your organization. It also gives a deeper look into the foundations of cryptography and the working principles of the algorithms being used.
Throughout the whole course, participants will gain in-depth knowledge on the following topics:
- Legal aspects of a PKI
- Elements of a PKI
- PKI management
- Trust in a digital world
- Digital signature implementation
- Trust models
- Smart Cards
- NDES, CEP/CES
- SSL
- OCSP
After completing the PKI course, every individual will be able to successfully design, setup, deploy, Troubleshoot and manage a public key infrastructure (PKI). This is a 5-day course is considered essential for anyone who needs to understand Public Key Infrastructure (PKI) and the issues surrounding its implementation. It covers the issues and technologies involved in PKI in-depth and gives hands-on practical experience of setting up and maintaining a variety of PKI solutions. Detailed knowledge of issues surrounding PKI helps to put recent attacks which have appeared in the news headlines into context and enable valid decisions to be made about their relevance to your organization.
Course Objectives:
- To introduce the student to the theoretical aspects of the foundations and benefits of Public Key Infrastructure (PKI), including different types of encryption, digital signatures, digital certificates and Certificate Authorities.
- To give students hands on experience of implementing and using PKI solutions with a variety of applications.
- To give students an understanding of the concepts of evaluating and selecting PKI technologies
Pre-requisites:
- An Ideal candidate must have basic knowledge of Windows Servers and Networking
- For practical revision, students require windows server 2012 R2 machines???
Target Audience:
- This course is recommended for anyone using, managing, deploying or designing PKI solutions with ADCS components.
Course Duration:
- 35 hours – 5 days
Course Content:
Introduction to PKI
- Basic Security Concepts
- Public Key Infrastructure Defined
- Digital Certificates and Signatures
- Smart Cards
- PKI Standards
- Basic cryptography
- Uses of Cryptography
- History of Cryptography including early methods
- Symmetric and Asymmetric Encryption plus Algorithms
- Diffie-Hellman Key Generation
- Hashing for Integrity plus Algorithms
- Cryptographic Functions
- Hashing
- Cryptographic Keys
- Key Types
- Key Lengths
Practical uses for encryption and associated issues
Signed and Encrypted Email using S/MIME and PGP Secure connections to websites Digitally signing PDFs Encrypting files Encrypting hard drives Encrypting “containers” SSL, VPN and Wireless PKI and Cloud Computing Attacks on Encryption Certificate Authorities Public v Private CAs Regulations governing CAs CA Certificate Policies Types of Certificates Provided CA Hierarchies Certificate Authority Operations Certificate expiration Certificate revocation
Certificate Revocation Lists (CRL)
- Base and Delta CRL Overview
- CRL Overlap
- Design Principles
Online Certificate Status Protocol (OCSP)
- Key recovery
- Installing a CA and issuing certificates
Smart Card Logon
- Smart Card Concept
- Working and Logon Process in Detail
SSL in Detail
- Working of SSL using Network Traces
- Troubleshooting of SSL issues
- Discuss some common error codes
Certificates & Certificate Stores
- Digital Certificates
- Keypairs
- Windows Certificate Stores
Lab : Deploy a 2-tier PKI
- Certificate Validation
- Chain Building
- Revocation checking
- Troubleshooting Tools and Techniques
Lab : Online Certificate Status Protocol
- Overview
- OCSP Process
- Limitations
- Design Configurations
- Weaknesses
Enterprise Templates
- Overview
- Template Schema Versions
- Template Properties
- Template Configuration Versioning
Certificate Enrollment Types
- Enrollment Overview
- Certificate Authority Web Enrollment (CAWE)
- Cross Forest Enrollment
Automated Certificate Enrollment
- Certificate Autoenrollment Overview
- Group Policy Settings
- Autoenrollment Processes
- Troubleshooting
Certificate Enrollment Web Services (CES/CEP) and NDES (SCEP)
- Overview
- Infrastructure Requirements
- Installation & Configuration
- Top 5 Deployment Issues
- Top 10 Risks
- Whats new in 2019 or 2020 or 2016 ???
- Summary of Public Key Infrastructure
- Troubleshooting
- Common ADCS Mistakes
- ADCS Known Issues
- Troubleshooting CA Issues
- ADCS Debug Logs
- ADCS Configuration
- Certutil
- Hands on with OpenSSL
- Summary and Closing