Course
digicode: PKI
Public Key Infrastructures
Course facts
- Understanding the fundamentals of modern cryptography, as well as how symmetric and asymmetric encryption methods, digital signatures, and future cryptographic developments work
- Classifying the architecture, components, and functionality of a Public Key Infrastructure (PKI), as well as its use in securing digital systems and services
- Identifying typical challenges and risks in the planning and operation of PKI environments, and applying best practices to avoid misconfigurations
- Evaluating potential use cases for PKI in internal, external, and cloud-based infrastructures
- Designing secure PKI architectures, taking into account certification authorities, certificate hierarchies, chains of trust, and policies
- Understanding the structure of digital certificates and defining certificate content, certificate policies, and lifecycles
- Classifying key PKI applications such as TLS/SSL, S/MIME, VPN, IPsec, and code signing to secure communication and software
- Planning and implementing a multi-tier Microsoft PKI environment with an offline root CA and enterprise sub-CA
- Configuring, managing, and securing a Microsoft PKI, including certificate templates, certificate revocation lists (CRLs), online responders, and automated certificate distribution
- Analyzing PKI issues and performing monitoring, maintenance, and troubleshooting in the operation of certification authorities
Public-key infrastructures (PKI) form the foundation for trusted digital communication. Digital certificates enable the reliable authentication of systems, services, and users, as well as the encryption and signing of data—both on the internet and within corporate networks.
In this PKI course, you’ll gain the necessary expertise to understand, plan, and securely operate PKI environments. You’ll learn the fundamentals of encryption, digital signatures, and certificates, and discover how public key infrastructures are deployed in modern IT environments.
Through the hands-on setup of a multi-tier Microsoft PKI environment, you will work with Certification Authorities (CAs), certificates, and the associated services. By the end of the Public Key Infrastructure course, you will be able to plan, implement, and reliably operate PKI in your own environment.
Day 1
1 Introduction
- The Problem – Why do we actually need PKI?
- Historical Development
- Legal Aspects
2 Cryptographic Fundamentals
- Symmetric and Asymmetric Encryption Methods
- Digital Signatures
- Post-Quantum Cryptography – Quantum Computers, the new challenge
3 Authentication
- Multi-Factor Authentication
- One-Time Passwords
- Kerberos
- Public-Key Certificates
4 PKI Basics
- Certificates, Types, Certificate Requirements
- Certificate Revocation List
- Policies
- Certification Paths
5 PKI Components
- Certification Authority (CA)
- Registration Authority (RA)
- Repository
- Archive
- Certificate Holder
- Relying Party
6 PKI Architectures
- Stand-Alone CA, Enterprise CA, Offline CAs
- Hierarchical Infrastructures (Multi-Level CAs)
- Cloud-based CAs
- Cross-certification
- Bridge CA
7 Verification
- Construction and verification of certification paths
- Chain of Trust
8 Certificate Revocation List (CRL)
- Content
- Generating and distributing CRLs
9 Directories
- X.500, LDAP
10 X.509 Certificates
- ASN.1 Types
- Basic Content (V1)
- Extensions (V3)
- Usage
11 Trust, Processes, Policies
- Certificate Policies (CP)
- Certification Practice Statement
12 Applications
- Web: SSL/TLS
- Email: S/MIME
- IPsec
- VPN
- Code signing
13 Requesting Certificates
- Certificate Signing Request
- OpenSSL
- Web Interface
- Certificate Templates (Microsoft Enterprise CA)
- GPOs
- ACME (Automated Certificate Management Environment)
Day 2: Practical day
Setting up a two-tier Certificate Authority (CA), including:
- Stand-alone offline root CA (on Windows Server)
- Subordinate enterprise (AD-based) CA (sub-CA, iCA), online
- What configuration differences arise when using only a single-tier CA environment (enterprise root CA)?
- Use of the CaPolicy.inf file
- Complete and correct Certificate Revocation List (CRL) configuration, including configuration of an online responder
- Configuration of certificate templates
- Configuration of automatic certificate request, distribution, and renewal via Group Policy Objects (GPOs)
- Configuration and setup of SSL/TLS certificates
- Certificate revocation
- Special configurations: archiving private keys, setting up certificate agents, etc.
- Monitoring of Certification Authorities (CAs)
- Backing up and restoring CAs
- Using command-line tools (e.g., certutil.exe) and PowerShell for configuring and managing CAs
- Tips and tricks for setting up and troubleshooting Microsoft PKI systems
On the first day, you’ll learn the theoretical basics of Public Key Infrastructure (PKI).
The second day is structured as a workshop. Here, you’ll have the opportunity to put your newly acquired knowledge to the test in a practical setting.
This PKI course is designed for system administrators, developers, security managers, and IT architects who wish to plan, implement, or operate secure applications using digital certificates.
The public key infrastructure course is particularly relevant for:
- Windows administrators
- Security engineers
- PKI managers
- Zero-trust / identity projects
Basic knowledge of encryption is an advantage.