Course

Public Key Infrastructures («PKI»)

You will learn the theoretical basics of the Public Key Infrastructure (PKI). You will then learn how to set up, correctly configure, manage, secure and troubleshoot all components of a complete PKI environment.
Duration 2 days
Price 1'700.–
Course documents Digicomp course material

Course facts

Key Learnings
  • Formulating the architecture and components of a public key infrastructure
  • Knowing how to solve problems when setting up a public key infrastructure
  • Knowing what to look out for when defining certificate content
  • Knowing the most important standard applications
  • Setting up all the necessary components of a complete PKI environment
  • Configuring, managing and securing a PKI environment
  • Carrying out troubleshooting
Content

A public key infrastructure (PKI) is an effective tool for protecting systems and services on the internet. Although PKI has been in development for over 20 years, it is only in the last few years that it has become a topic of discussion among security managers. A major market driver are the new possibilities of digital signatures, which require a PKI.

Public-key cryptography is a mature technology that forms the basis for secure protocols. A standard mechanism for the distribution of public keys was not available for a long time. Today, however, progress has been made on both sides. You no longer need to be an expert in public-key cryptography to recognise its advantages. Because today, a wide variety of products are available on the market. This course will help you to choose the right ones for you from the many possibilities and to use them successfully.

Day 1: Theory day

1 Introduction

  • Problem definition
  • History
  • Legal aspects

2 Cryptographic basics

  • Symmetric and asymmetric procedures
  • Digital signatures
  • Key Management

3 Authentication

  • Password-based
  • One-time passwords
  • Kerberos
  • Public Key Certificates

4 PKI-based

  • Certificates
  • Certificate Revocation List
  • Policies
  • Certification paths

5 PKI components

  • Certification Authority (CA)
  • Registration Authority (RA)
  • Repository
  • Archive
  • Certificate holder
  • Relying Party

6 PKI architectures

  • Single CA
  • Hierarchical infrastructure
  • Network structure
  • Cross-certification
  • Bridges CA

7 Verification

  • Construction and verification of certification paths

8 Certificate Revocation List (CRL)

  • Content
  • Creation and distribution of CRLs

9 Directories

  • X.500, LDAP

10 X.509 certificates

  • ASN.1 types
  • Basic content
  • Extensions
  • Use

11 Trust, procedures, policies

  • Certificate Policies (CP)
  • Certificate Practice Statement

12 Applications

  • Web: SSL/TLS
  • Email: S/MIME
  • IPsec


Day 2: Practical day

Setting up a two-tier certification authority environment with a stand-alone offline root certification authority

  • Setting up an underlying Enterprise (AD-based) Online Sub Certification Authority
  • What is configured differently if only a single-tier CA environment (Enterprise Root CA) is used?
  • Use of the CaPolicy.inf file
  • Complete and correct revocation list configuration (CRL), including configuration of an online responder
  • Configuration of certificate templates
  • Configuration of automatic certificate request and distribution as well as renewal via GPOs
  • Proper configuration and setup of SSL certificates
  • Certificate revocation
  • Special configurations: archiving private keys, setting up certificate agents, etc.
  • Monitoring Certification Authorities
  • Backup and restore Certification Authorities
  • Using command line tools (e.g. certutil.exe) and PowerShell when configuring and managing Certification Authorities
Methodology & didactics

This seminar is designed for two course days. On the first day, you will learn the theoretical basics of PKI. The second day is a purely practical day, where the basics learned on the first day are put into practice.

Target audience

This course is aimed at developers and technical architects who want to build a PKI or produce protected applications.

Requirements

Basic knowledge of encryption is an advantage.

Download

Questions

Any questions?
First name
Last name
Company optional
Email
Phone
I would like to book this course as a company course
First name
Last name
Company optional
Email
Phone
Number of participants
Desired course location
Start date (DD.MM.YYYY)
End date (DD.MM.YYYY)

Choose your date

7
Apr
2025
8
Apr
2025
Zürich
German
Timetable
Guaranteed to take place. Register now!
CHF 1’700.-
exkl. 8.1% Mwst.
Guaranteed to take place. Register now!
CHF 1’700.-
exkl. 8.1% Mwst.
28
Apr
2025
29
Apr
2025
Lausanne
French
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
10
Jun
2025
11
Jun
2025
Geneva
French
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
19
Jun
2025
20
Jun
2025
Zürich
German
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
19
Jun
2025
20
Jun
2025
Berne
German
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
19
Jun
2025
20
Jun
2025
Basel
German
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
24
Jul
2025
25
Jul
2025
Lausanne
French
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
1
Sep
2025
2
Sep
2025
Geneva
French
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
22
Sep
2025
23
Sep
2025
Zürich
German
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
22
Sep
2025
23
Sep
2025
Berne
German
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
22
Sep
2025
23
Sep
2025
Basel
German
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
13
Oct
2025
14
Oct
2025
Lausanne
French
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
27
Nov
2025
28
Nov
2025
Geneva
French
Timetable
CHF 1’700.-
exkl. 8.1% Mwst.
CHF 1’700.-
exkl. 8.1% Mwst.
Next date
7
Apr
2025
8
Apr
2025
Zürich
German
Timetable
Guaranteed to take place. Register now!
CHF 1’700.-
exkl. 8.1% Mwst.
Guaranteed to take place. Register now!
CHF 1’700.-
exkl. 8.1% Mwst.

Further courses

Administering Microsoft Endpoint Configuration Manager («55348A»)

5 days
CHF
3'950.–