Designing and Managing a Windows Public Key Infrastructure

Overview
This four-day, instructor-led course provides students with the knowledge and skills to design, deploy, and manage a public key infrastructure (PKI) to support applications that require distributed security. Students get hands-on experience implementing solutions to secure PKI-enabled applications and services, such as Microsoft Internet Explorer, Microsoft Exchange Server, Microsoft Internet Information Server, Microsoft Outlook®, and remote access services.


Examination information
This course will help the student prepare for the following Microsoft Certified Professional exams: Exam 70-214: Implementing and Managing Security in a Windows 2000 Network Infrastructure Exam 70-220: Designing Security for a Microsoft Windows 2000 Network Exam 70-298: Designing Security for a Microsoft Windows Server 2003 Network Exam 70-299, Implementing and Administering Security in a Microsoft Windows Server 2003 Network


Prerequisites
Before attending this course, students must have:
Familiarity with Windows 2000 or Windows Server 2003 core technologies, such as those described in the following Microsoft Official Curriculum (MOC) courses:
Course 2274: Managing a Microsoft Windows Server 2003 Environment
Course 2275: Maintaining a Microsoft Windows Server 2003 Environment
Course 2152: Implementing Microsoft Windows 2000 Professional and Server
Familiarity with Windows 2000 or Windows 2003 networking technologies, such as those described in the following MOC courses:
Course 2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services
Course 2153: Implementing a Microsoft Windows 2000 Network Infrastructure
Familiarity with Windows 2000 or Windows 2003 directory services technologies, such as those described in the following MOC courses:
Course 2279: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Course 2154: Implementing and Administering Microsoft Windows 2000 Directory Services
Course outline

Module 1: Overview of Public Key Infrastructure
Introduction to PKI
Introduction to Cryptography
Certificates and Certification Authorities


Module 2: Designing a Certification Authority Hierarchy
Identifying CA Hierarchy Design Requirements
Common CA Hierarchy Designs
Documenting Legal Requirements
Analyzing Design Requirements
Designing a CA Hierarchy Structure


Module 3: Creating a Certification Authority Hierarchy
Create an offline root CA.
Design an infrastructure to validate certificates.
Design an infrastructure to publish CRLs.
Install a subordinate CA.


Module 4: Managing a Public Key Infrastructure
Introduction to PKI Management
Managing Certificates
Managing Certification Authorities
Planning for Disaster Recovery


Module 5: Configuring Certificate Templates
Introduction to Certificate Templates
Designing and Creating a Certificate Template
Publishing a Certificate Template
Managing Changes in a Certificate Template


Module 6: Configuring Certificate Enrolment
Introduction to Certificate Enrolment
Enrolling Certificates Manually
Auto-enrolling Certificates


Module 7: Configuring Key Archival and Recovery
Introduction to Key Archival and Recovery
Implementing Manual Key Archival and Recovery
Implementing Automatic Key Archival and Recovery


Module 8: Configuring Trust Between Organisations
Introduction to Advanced PKI Hierarchies
Qualified Subordination Concepts
Configuring Constraints in a Policy.inf File
Implementing Qualified Subordination


Module 9: Deploying Smart Cards
Introduction to Smart Cards
Enrolling Smart Card Certificates
Deploying Smart Cards


Module 10: Securing Web Traffic by Using SSL
Introduction to SSL Security
Enabling SSL on a Web Server
Implementing Certificate-based Authentication


Module 11: Configuring E-mail Security
Introduction to E-mail Security
Configuring Secure E-mail Messages
Recovering E-mail Private Keys
Migrating a KMS Database to a CA Running Windows Server 2003