Microsoft PKI In-depth training

PKI Solutions Inc. Microsoft PKI In-depth training

Microsoft PKI In-depth training


PKI Solutions In-depth 5 day hands-on training

SKU: PKI001 Category:


The ability to design and manage a Public Key Infrastructure (PKI) is highly dependent on the skills and knowledge of those managing it. This course is a deep-dive into PKI and Active Directory Certificate Services (ADCS) by focusing on building knowledge and skills with all of its features. There is a strong emphasis on security, best practices, and hands-on skills labs.

Class audience: This course is recommended for anyone using, managing, deploying or designing PKI solutions with ADCS components.

Course details are available here for download.


Class syllabus

Certificates & Certificate Stores

  • What is a Digital Certificate?
  • How are Certificates stored in Windows?
  • What are Trusted Root Certificates?
  • What is a Certification Authority?

Certification Authorities (CA) and Hierarchies

Crypto Service Providers, Algorithms, and Keys

  • CSP Overview
  • Crypto Next Generation
  • Suite-B
  • CSP interoperability considerations
  • Algorithms
    • Encryption Types
    • Hashing
    • Cryptographic Keys
    • Key Types
    • Key Lengths
    • Key Distribution

Certificate Revocation

  • Overview
  • CRL Partitioning
  • Design Principles
  • Limitations

LAB 1: Deploy a 2-tier PKI

Online Certificate Status Protocol

  • Overview
  • Design configurations
  • Limitations

Lab 2: Deploy an OCSP Responder

Chain Building and Revocation Checking

  • Chain Building
  • Revocation checking
  • Prefetching
  • Troubleshooting Tools and Techniques

Enterprise Templates

  • What Are Certificate Templates?
  • Certificate Template Versions
  • Certificate Template Design, Management and Permissions

Certificate Enrollment

  • Client Certificate Enrollment Protocol
  • Web Enrollment Pages
  • Delegated Enrollment
  • Cross Forest Enrollment
  • Certificate Enrollment Web Service & Policy Service Enrollment
  • Auto Enrollment

LAB 3: CES/CEP Enrollment

Automated Certificate Enrollment

  • Certificate Autoenrollment overview
  • Considerations for Implementing Autoenrollment
  • How to Enable Autoenrollment Settings in Group Policy
  • Autoenrollment processes
  • Troubleshooting autoenrollment

Renewing, Upgrading and Migrating CAs

  • Increase the lifetime of the CA
  • Change the key used by the CA
  • Increase the key size of the CA
  • Add certificate policies to the CA (qualified subordination)
  • CRL partitioning

PKI High Availability

Disaster Recovery

Chaining Mechanisms

What’s New in 2016

Common ADCS Mistakes

Known Issues in ADCS

Troubleshooting Tools

Debug & Logging

ADCS Configuration


  © Copyright 2013-2018 PKI Solutions Inc. // All Rights Reserved // Terms of Service // Privacy Policy // Pricing and Refund Policies