Course code: GOC18« Back

Windows Server 2008 – PKI Deployment

This four-day course teaches students how to plan, deploy and implement, maintain and operate as well as troubleshoot internal Public Key Infrastructure (PKI) in environment based on Microsoft Windows operating systems. The first part of the course recaps and extends understanding of basic PKI and cryptography understanding and teaches what standard algorithms and their strengths should be used to achieve the best comparable security. In the second part, the students build complex CA hierarchy on Windows 2008 R2 operating system and implement client applications such as manual and online certificate enrollment, autoenrollment, enrollment agents (registration authorities – RA), key archival and restoration and certificate requests and their troubleshooting. A significant part is dedicated to using best practices and following common tested use-cases. All our trainers that teach the course are certified to the highest professional level of MCM:Directory (Microsoft Certified Master:Directory Services).

GOPAS Official Curriculum Microsoft Certified Master: Directory Services
This section contains overview of retired courses which don’t belong to GOPAS course offer any more or were replaced by new course versions.
For more information about possibility to buy retired courses contact our customer services department ( or business department (

AffiliateDurationCatalogue priceHandbook priceITB
Praha4 27 600 CZK included in course price 40
Brno4 27 600 CZK included in course price 40
Bratislava4 840,00 EUR included in course price 40

User intensity level

Microsoft Certified Master Guaranteed

All our trainers that teach the course are certified to the highest professional level of MCM:Directory (Microsoft Certified Master:Directory Services) and have years of experience in the identity management and security field.

At course completion students will be able

Understand cryptography, certificates and PKI principles
Design and implement suitable algorithms and key-strengths appropriatelly for their complex environments
Deploy and manage certicates to clients and applications and troubleshoot enrollment issues
Design appropriate certificate policies, enrollment, key backup and recovery
Plan and design CA hierarchies and distribute administration and responsibility
Monitor and optimize PKI infrastructure

Teaching methods

Instructor-led classroom training with with self-paced practical exercises in computer-based virtual environment

Student materials

Authorized Gopas student materials matching the course outline
Book: MS Press: Windows 2008 PKI and Certificate Security

Course outline

Cryptography basics recap
Current cryptography standards and comparative strengths
Certificates and keys
Certificate authorities
Registration authorities and time authorities
Algorithm and key compatibility in Windows environments
SHA-1, SHA-2 and elyptic curves (ECC)
CSP and CNG providers and compatibility
AD CS and Windows Server versions
AD CS installation and basic configuration
Active Directory environment security
CRL and CRL Distribution Points (CDP)
Troubleshooting revocation
Certificate policies and certificate templates
Delegation and administrative roles
Enrollment, online and offline enrollment, autoenrollment
Backup, recovery and key recovery
Private key protection and roaming
Monitoring and optimization
Advanced topics (NDES etc.)

Tištěné nebo elektronické studijní materiály GOPAS

included in course price
The prices are without VAT.