Course

Public key infrastructures («PKI»)

You will learn the theoretical basics of the Public Key Infrastructure (PKI). You will then learn how to set up, correctly configure, manage, secure and troubleshoot all components of a complete PKI environment.
Duration 2 days
Price 1'700.–
Course documents Digicomp course material

Course facts

At the end of the theory part you will be able to,
  • formulate the architecture and components of a public key infrastructure
  • know how to solve problems when setting up a public key infrastructure
  • know what to look for when defining certificate content
  • know about the most important standard applications
After the public key infrastructure practice day, you will be able to set up, properly configure, manage, secure and troubleshoot all the necessary components of a complete PKI environment
A public key infrastructure (PKI) is an effective tool for protecting systems and services on the internet. Although PKI has been in development for over 20 years, it is only in the last few years that it has become a topic of discussion among security managers. A major market driver are the new possibilities of digital signatures, which require a PKI.

Public-key cryptography is a mature technology that forms the basis for secure protocols. A standard mechanism for the distribution of public keys was not available for a long time. Today, however, progress has been made on both sides. You no longer need to be an expert in public-key cryptography to recognise its advantages. Because today, a wide variety of products are available on the market. This course will help you to choose the right ones for you from the many possibilities and to use them successfully.

Contents Day 1: Theory day

Introduction
  • Problem definition
  • History
  • Legal aspects
Cryptographic basics
  • Symmetric and asymmetric procedures
  • Digital signatures
  • Key Management
Authentication
  • Password-based
  • One-time passwords
  • Kerberos
  • Public Key Certificates
PKI-based
  • Certificates
  • Certificate Revocation List
  • Policies
  • Certification paths
PKI components
  • Certification Authority (CA)
  • Registration Authority (RA)
  • Repository
  • Archive
  • Certificate holder
  • Relying Party
PKI architectures
  • Single CA
  • Hierarchical infrastructure
  • Network structure
  • Cross-certification
  • Bridges CA
Verification
  • Construction and verification of certification paths
Certificate Revocation List (CRL)
  • Content
  • Creation and distribution of CRLs
Directories
  • X.500, LDAP
X.509 certificates
  • ASN.1 types
  • Basic content
  • Extensions
  • Use
Trust, procedures, policies
  • Certificate Policies (CP)
  • Certificate Practice Statement
Applications
  • Web: SSL/TLS
  • Email: S/MIME
  • IPsec

Contents Day 2: Practical day

Setting up a two-tier certification authority environment with a stand-alone offline root certification authority
  • Setting up an underlying Enterprise (AD-based) Online Sub Certification Authority
  • What is configured differently if only a single-tier CA environment (Enterprise Root CA) is used?
  • Use of the CaPolicy.inf file
  • Complete and correct revocation list configuration (CRL), including configuration of an online responder
  • Configuration of certificate templates
  • Configuration of automatic certificate request and distribution as well as renewal via GPOs
  • Proper configuration and setup of SSL certificates
  • Certificate revocation
  • Special configurations: archiving private keys, setting up certificate agents, etc.
  • Monitoring Certification Authorities
  • Backup and restore Certification Authorities
  • Using command line tools (e.g. certutil.exe) and PowerShell when configuring and managing Certification Authorities
This seminar is designed for two course days. On the first day, you will learn the theoretical basics of PKI. The second day is a purely practical day, where the basics learned on the first day are put into practice. Developers and technical architects who want to build a PKI or produce protected applications. Basic knowledge of encryption is an advantage.

Download

Questions

Choose your date

Further courses