Course code: MOC 2821« Back

Designing and Managing a Public Key Infrastructure

This four-day, instructor-led course provides students with the knowledge and skills to design, deploy, and manage a public key infrastructure (PKI) to support applications that require distributed security. Students get hands-on experience implementing solutions to secure PKI-enabled applications and services, such as Microsoft Internet Explorer, Microsoft Exchange Server, Microsoft Internet Information Server, Microsoft Outlook®, and remote access services.

This course has been removed from our portfolio
This section contains overview of retired courses which don’t belong to GOPAS course offer any more or were replaced by new course versions.
For more information about possibility to buy retired courses contact our customer services department (__Klientskyservis@gopas.cz) or business department (__Obchod@gopas.cz).

AffiliateDurationCatalogue priceHandbook priceITB
Praha4 23 950 CZK included in course price 40
Brno4 23 950 CZK included in course price 40
Bratislava4 560,00 EUR 232,00 EUR 40

User intensity level

Who is the course for

This course is intended for IT systems engineers who are responsible for designing and implementing security solutions. Individuals should have knowledge and experience to install and configure the Active Directory® directory service and security mechanisms for computers running Microsoft Windows® 2000 Server or Windows Server™ 2003 family.

What we teach you

  • Describe PKI and the major components of a PKI.
  • Design a certification authority (CA) hierarchy to meet business requirements.
  • Install Certificate Services to create a CA hierarchy.
  • Perform certificate management tasks, CA management tasks, and plan for disaster recovery of Certificate Services.
  • Create and publish a certificate template, and replace an existing certificate template.
  • Enroll a certificate manually, autoenroll a certificate, and enroll a smart card certificate.
  • Implement manual and automatic key archival and recovery in a Windows Server 2003 PKI.
  • Configure trust between organizations by configuring and implementing qualified subordination.
  • Deploy smart cards in a Windows environment.
  • Secure a Web environment by implementing SSL security and certificate-based authentication for Web applications.
  • Implement secure e-mail messages by using Microsoft Exchange Server in a Windows 2000 or Windows 2003 environment.

    Required skills

  • Familiarity with Windows 2000 or Windows Server 2003 core technologies, such as those described in the following Microsoft Official Curriculum (MOC) courses: o Course 2274: Managing a Microsoft Windows Server 2003 Environment o Course 2275: Maintaining a Microsoft Windows Server 2003 Environment o Course 2152: Implementing Microsoft Windows 2000 Professional and Server
  • Familiarity with Windows 2000 or Windows 2003 networking technologies, such as those described in the following MOC courses: o Course 2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services o Course 2153: Implementing a Microsoft Windows 2000 Network Infrastructure
  • Familiarity with Windows 2000 or Windows 2003 directory services technologies, such as those described in the following MOC courses: o Course 2279: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure o Course 2154: Implementing and Administering Microsoft Windows 2000 Directory Services

    Teaching methods

    Instructor-led classroom training with self-paced practical exercises in virtual environment

    Teaching materials

    The student kit includes a comprehensive workbook and other necessary materials for this class.

    Course Outline

    Module 1: Overview of Public Key Infrastructure
  • Introduction to PKI
  • Introduction to Cryptography
  • Certificates and Certification Authorities
  • Creating a Custom MMC
  • Viewing CA Certificates in Certificates MMC
  • Analyzing CA Certificate Distribution Methods
  • Describe PKI and its basic components.
  • Describe how symmetric and public key encryption works.
  • Define the role of certificates and CAs in a PKI.

    Module 2: Designing a Certification Authority Hierarchy

  • Identifying CA Hierarchy Design Requirements
  • Common CA Hierarchy Designs
  • Documenting Legal Requirements
  • Analyzing Design Requirements
  • Designing a CA Hierarchy Structure
  • Identifying Applications and Certificate Holders
  • Identifying Technical and Business Requirements
  • Designing a CA Hierarchy
  • Identify technical and business requirements for designing a CA hierarchy.
  • Describe common CA hierarchy designs.
  • Describe policies and documents for specifying the legal requirements of a CA hierarchy design.
  • Identify the impact of design requirements and determine design changes to a CA hierarchy design.
  • Design a CA hierarchy to meet business requirements.

    Module 3: Creating a Certification Authority Hierarchy

  • Creating an Offline CA
  • Validating Certificates
  • Planning CRL Publication
  • Installing a Subordinate CA
  • Configuring CAPolicy.inf for installing the Offline Root CA
  • Installing the Offline Root CA
  • Defining CRL and AIA Publication Settings
  • Publishing the CRL and AIA Information
  • Adding the Web Server to Local Intranet Sites
  • Installing the Subordinate Enterprise CA
  • Validating the PKI Health of your CA Hierarchy
  • Create an offline root CA.
  • Design an infrastructure to validate certificates.
  • Design an infrastructure to publish CRLs.
  • Install a subordinate CA.

    Module 4: Managing a Public Key Infrastructure

  • Introduction to PKI Management
  • Managing Certificates
  • Managing Certification Authorities
  • Planning for Disaster Recovery
  • Defining CA Administrators and Certificate Managers
  • Restricting Certificate Managers
  • Generating Certificate Requests
  • Testing CA Administrator Tasks
  • Testing Certificate Manager Tasks
  • Enabling Certificate Services Auditing
  • Determining Backup Privileges
  • Backing Up Certificate Services
  • Removing the CA’s Private Key from the CA Certificate Store
  • Restoring the System State Backup
  • Describe the use of roles in PKI management.
  • Perform certificate management tasks.
  • Perform CA management tasks.
  • Plan for disaster recovery of Certificate Services.

    Module 5: Configuring Certificate Templates

  • Introduction to Certificate Templates
  • Designing and Creating a Certificate Template
  • Publishing a Certificate Template
  • Managing Changes in a Certificate Template
  • Delegating Certificate Template Administration Permissions
  • Reviewing an Existing Certificate Template
  • Designing the Custom Code Signing Certificate Template
  • Creating a Certificate Template
  • Publishing a Certificate Template
  • Enrolling the Certificate Template
  • Superceding a Certificate Template
  • Describe the function of certificate templates in a Windows Server 2003 PKI.
  • Design and create a certificate template.
  • Publish a certificate template.
  • Replace an existing certificate template with an updated certificate template.

    Module 6: Configuring Certificate Enrollment

  • Introduction to Certificate Enrollment
  • Enrolling Certificates Manually
  • Autoenrolling Certificates
  • Choosing an Enrollment Method
  • Enrolling Computer Certificates by Using the Certificate Enrollment Wizard
  • Creating a User Certificate Template that Enables Autoenrollment
  • Deploying the Certificates by Using Autoenrollment
  • Select the appropriate certificate enrollment method for a given scenario.
  • Enroll certificates manually.
  • Autoenroll certificates.
  • Enroll smart card cer
  • Previous courses

    no preceding courses

    Next courses

    no following course
    Tištěná příručka MOC 2821

    Price:
    5950 CZK
    Tištěná příručka MOC 2821

    Price:
    232 EUR
    The prices are without VAT.