Microsoft PKI In-depth training


PKI Solutions In-depth 5-day hands-on training

SKU: PKI001


The ability to design and manage a Public Key Infrastructure (PKI) is highly dependent on the skills and knowledge of those managing it. This course is a deep dive into PKI and Active Directory Certificate Services (ADCS), focused on building knowledge and skills across all of its features. There is a strong emphasis on security, best practices, and hands-on skills labs.

Class audience: This course is recommended for anyone using, managing, deploying, or designing PKI solutions with ADCS components.

Course details are available here for download.


Class syllabus

Certificates & Certificate Stores

  • What is a Digital Certificate?
  • How are Certificates stored in Windows?
  • What are Trusted Root Certificates?
  • What is a Certification Authority?

Certification Authorities (CA) and Hierarchies

Crypto Service Providers, Algorithms, and Keys

  • CSP Overview
  • Crypto Next Generation
  • Suite-B
  • CSP interoperability considerations
  • Algorithms
    • Encryption Types
    • Hashing
    • Cryptographic Keys
    • Key Types
    • Key Lengths
    • Key Distribution

Certificate Revocation

  • Overview
  • CRL Partitioning
  • Design Principles
  • Limitations

LAB 1: Deploy a 2-tier PKI

Online Certificate Status Protocol

  • Overview
  • Design configurations
  • Limitations

LAB 2: Deploy an OCSP Responder

Chain Building and Revocation Checking

  • Chain Building
  • Revocation checking
  • Troubleshooting Tools and Techniques

Enterprise Templates

  • What Are Certificate Templates?
  • Certificate Template Versions
  • Certificate Template Design, Management and Permissions

Certificate Enrollment

  • Client Certificate Enrollment Protocol
  • Web Enrollment Pages
  • Certificate Enrollment Web Service & Policy Service Enrollment
  • Auto Enrollment

LAB 3: CES/CEP Enrollment

Automated Certificate Enrollment

  • Certificate Autoenrollment overview
  • Considerations for Implementing Autoenrollment
  • How to Enable Autoenrollment Settings in Group Policy
  • Autoenrollment processes
  • Troubleshooting autoenrollment

Renewing, Upgrading and Migrating CAs

  • Increase the lifetime of the CA
  • Change the key used by the CA
  • Increase the key size of the CA
  • Add certificate policies to the CA (qualified subordination)

PKI High Availability

Disaster Recovery

Chaining Mechanisms

Cloud PKI Architecture

What’s New in 2016

Common ADCS Mistakes

Known Issues in ADCS

Troubleshooting Tools

Debug & Logging

ADCS Configuration