M2821 – Deploying and Managing a Public Key Infrastructure Microsoft
Course Description
Prerequisites: Before attending this course, students must have:
- Familiarity with Windows 2000 or Windows Server 2003 core technologies, such as those described in the following Microsoft Official Curriculum (MOC) courses:
  - Course 2274: Managing a Microsoft Windows Server 2003 Environment
  - Course 2275: Maintaining a Microsoft Windows Server 2003 Environment
  - Course 2152: Implementing Microsoft Windows 2000 Professional and Server
- Familiarity with Windows 2000 or Windows 2003 networking technologies, such as those described in the following MOC courses:
  - Course 2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services
  - Course 2153: Implementing a Microsoft Windows 2000 Network Infrastructure
- Familiarity with Windows 2000 or Windows 2003 directory services technologies, such as those described in the following MOC courses:
  - Course 2279: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
  - Course 2154: Implementing and Administering Microsoft Windows 2000 Directory Services
- Describe PKI and the major components of a PKI.
- Design a certification authority (CA) hierarchy to meet business requirements.
- Install Certificate Services to create a CA hierarchy.
- Perform certificate management tasks, CA management tasks, and plan for disaster recovery of Certificate Services.
- Create and publish a certificate template, and replace an existing certificate template.
- Enroll a certificate manually, auto-enroll a certificate, and enroll a smart card certificate.
- Implement manual and automatic key archival and recovery in a Windows Server 2003 PKI.
- Configure trust between organizations by configuring and implementing qualified subordination.
- Deploy smart cards in a Windows environment.
- Secure a Web environment by implementing SSL security and certificate-based authentication for Web applications.
- Implement secure e-mail messages by using Microsoft Exchange Server in a Windows 2000 or Windows 2003 environment.
- Introduction to PKI
- Introduction to Cryptography
- Certificates and Certification Authorities
- Identifying CA Hierarchy Design Requirements
- Common CA Hierarchy Designs
- Documenting Legal Requirements
- Analyzing Design Requirements
- Designing a CA Hierarchy Structure
- Identifying Applications and Certificate Holders
- Identifying Technical and Business Requirements
- Designing a CA Hierarchy
- Identify technical and business requirements for designing a CA hierarchy.
- Describe common CA hierarchy designs.
- Describe policies and documents for specifying the legal requirements of a CA hierarchy design.
- Identify the impact of design requirements and determine design changes to a CA hierarchy design.
- Design a CA hierarchy to meet business requirements.
- Creating an Offline CA
- Validating Certificates
- Planning CRL Publication
- Installing a Subordinate CA
- Configuring CAPolicy.inf for installing the Offline Root CA
- Installing the Offline Root CA
- Defining CRL and AIA Publication Settings
- Publishing the CRL and AIA Information
- Adding the Web Server to Local Intranet Sites
- Installing the Subordinate Enterprise CA
- Validating the PKI Health of your CA Hierarchy
- Create an offline root CA.
- Design an infrastructure to validate certificates.
- Design an infrastructure to publish CRLs.
- Install a subordinate CA.
- Introduction to PKI Management
- Managing Certificates
- Managing Certification Authorities
- Planning for Disaster Recovery
- Defining CA Administrators and Certificate Managers
- Restricting Certificate Managers
- Generating Certificate Requests
- Testing CA Administrator Tasks
- Testing Certificate Manager Tasks
- Enabling Certificate Services Auditing
- Determining Backup Privileges
- Backing Up Certificate Services
- Removing the CA's Private Key from the CA Certificate Store
- Restoring the System State Backup
- Describe the use of roles in PKI management.
- Perform certificate management tasks.
- Perform CA management tasks.
- Plan for disaster recovery of Certificate Services.
- Introduction to Certificate Templates
- Designing and Creating a Certificate Template
- Publishing a Certificate Template
- Managing Changes in a Certificate Template
- Delegating Certificate Template Administration Permissions
- Reviewing an Existing Certificate Template
- Designing the Custom Code Signing Certificate Template
- Creating a Certificate Template
- Publishing a Certificate Template
- Enrolling the Certificate Template
- Superseding a Certificate Template
- Describe the function of certificate templates in a Windows Server 2003 PKI.
- Design and create a certificate template.
- Publish a certificate template.
- Replace an existing certificate template with an updated certificate template.
- Introduction to Certificate Enrollment
- Enrolling Certificates Manually
- Autoenrolling Certificates
- Choosing an Enrollment Method
- Enrolling Computer Certificates by Using the Certificate Enrollment Wizard
- Creating a User Certificate Template that Enables Autoenrollment
- Deploying the Certificates by Using Autoenrollment
- Select the appropriate certificate enrollment method for a given scenario.
- Enroll certificates manually.
- Autoenroll certificates.
- Enroll smart card certificates.
- Introduction to Key Archival and Recovery
- Implementing Manual Key Archival and Recovery
- Implementing Automatic Key Archival and Recovery
- Publishing the Key Recovery Agent Certificate Template
- Enrolling the Key Recovery Agent Certificates
- Implementing Key Recovery on an Enterprise CA
- Creating an Archive-enabled Certificate Template
- Acquiring an ArchiveEFS Certificate
- Performing Key Recovery
- Describe the key archival and recovery process in a Windows Server 2003 PKI.
- Implement manual key archival and recovery.
- Implement automatic key archival and recovery.
- Introduction to Advanced PKI Hierarchies
- Qualified Subordination Concepts
- Configuring Constraints in a Policy.inf File
- Implementing Qualified Subordination
- Creating a Qualified Subordination Signing Certificate Template
- Configuring a Policy.inf File
- Requesting a Qualified Subordination Signing Certificate
- Generating a Cross Certification Authority Certificate for the Bridge CA
- Modifying the Policy.inf File on the Bridge CA
- Creating the Cross Certification Authority Certificate
- Publishing the Bridge CA Cross Certification Authority Certificates
- Issuing Certificates that Meet Qualified Subordination Constraints
- Describe advanced PKI hierarchies.
- Describe how constraints are used in qualified subordination.
- Configure a policy.inf file to implement qualified subordination constraints.
- Implement qualified subordination between CA hierarchies.
- Introduction to Smart Cards
- Enrolling Smart Card Certificates
- Deploying Smart Cards
- Modifying and Publishing the Enrollment Agent Certificate Template
- Acquiring the Enrollment Agent Certificates
- Creating a Custom Smart Card Certificate
- Enabling the Downloading of Unsafe Microsoft ActiveX Controls
- Performing Smart Card Enrollment Agent Requests
- Configuring a Certificate to Require a Smart Card Signature during Autoenrollment
- Signing an Autoenrollment Certificate Request with a Smart Card
- Planning for Re-enrollment
- Describe the use of smart cards for authentication in a Windows Server 2003 PKI environment.
- Deploy smart cards for authentication in a Windows Server 2003 PKI environment.
- Introduction to SSL Security
- Enabling SSL on a Web Server
- Implementing Certificate-based Authentication
- Enabling SSL Encryption in IIS
- Securing the Security Virtual Folder
- Enabling Certificate Mapping in Active Directory
- Enabling Certificate Mapping in IIS
- Describe how security is implemented in a Web environment.
- Configure IIS to implement SSL security.
- Implement certificate-based authentication for Web applications.
- Introduction to E-mail Security
- Configuring Secure E-mail Messages
- Recovering E-mail Private Keys
- Migrating a KMS Database to a CA Running Windows Server 2003
- Creating Exchange Server 2003 Mailboxes
- Creating and Publishing S/MIME Certificate Templates
- Configuring Outlook 2002
- Sending Secure E-mail Between Organizations
- Describe how e-mail security is implemented by a server running Exchange in a Windows Server 2003 environment.
- Secure e-mail messages in an Exchange 2003 environment.
- Recover e-mail private keys.
- Migrate a Key Management Service (KMS) database to a Windows Server 2003 Enterprise Edition enterprise CA.