The ability to design and manage a Public Key Infrastructure (PKI) is highly dependent on the skills and knowledge of those managing it. This course is a deep-dive into PKI and Active Directory Certificate Services (ADCS) by focusing on building knowledge and skills with all of its features. There is a strong emphasis on security, best practices, and hands-on skills labs.
Class audience: This course is recommended for anyone using, managing, deploying or designing PKI solutions with ADCS components.
Course details are available here for download.
Certificates & Certificate Stores
- What is a Digital Certificate?
- How are Certificates stored in Windows?
- What are Trusted Root Certificates?
- What is a Certification Authority?
Certification Authorities (CA) and Hierarchies
Crypto Service Providers, Algorithms, and Keys
- CSP Overview
- Crypto Next Generation
- CSP interoperability considerations
- Encryption Types
- Cryptographic Keys
- Key Types
- Key Lengths
- Key Distribution
- CRL Partitioning
- Design Principles
LAB 1: Deploy a 2-tier PKI
Online Certificate Status Protocol
- Design configurations
Lab 2: Deploy an OCSP Responder
Chain Building and Revocation Checking
- Chain Building
- Revocation checking
- Troubleshooting Tools and Techniques
- What Are Certificate Templates?
- Certificate Template Versions
- Certificate Template Design, Management and Permissions
- Client Certificate Enrollment Protocol
- Web Enrollment Pages
- Delegated Enrollment
- Cross Forest Enrollment
- Certificate Enrollment Web Service & Policy Service Enrollment
- Auto Enrollment
LAB 3: CES/CEP Enrollment
Automated Certificate Enrollment
- Certificate Autoenrollment overview
- Considerations for Implementing Autoenrollment
- How to Enable Autoenrollment Settings in Group Policy
- Autoenrollment processes
- Troubleshooting autoenrollment
Renewing, Upgrading and Migrating CAs
- Increase the lifetime of the CA
- Change the key used by the CA
- Increase the key size of the CA
- Add certificate policies to the CA (qualified subordination)
- CRL partitioning
PKI High Availability
What’s New in 2016
Common ADCS Mistakes
Known Issues in ADCS
Debug & Logging