Module 1: Overview of Public Key Infrastructure
This module explains the basic concepts of a public key infrastructure (PKI) and its components. It also provides an overview of the topics that will be explained in-depth in the course.
Lessons
Introduction to PKIIntroduction to CryptographyCertificates and Certification AuthoritiesModule 2: Designing a Certification Authority Hierarchy
This module introduces students to designing a CA hierarchy. It explains the major tasks that are involved, including identifying business and legal requirements and planning a Certification Authority (CA) hierarchy structure.
LessonsIdentifying CA Hierarchy Design RequirementsCommon CA Hierarchy DesignsDocumenting Legal RequirementsAnalyzing Design RequirementsDesigning a CA Hierarchy Structure Lab : Designing a CA HierarchyIdentifying Applications and Certificate HoldersIdentifying Technical and Business RequirementsDesigning a CA Hierarchy After completing this module, students will be able to:
Identify technical and business requirements for designing a CA hierarchy.Describe common CA hierarchy designs.Describe policies and documents for specifying the legal requirements of a CA hierarchy design.Identify the impact of design requirements and determine design changes to a CA hierarchy design.Design a CA hierarchy to meet business requirements.Module 3: Creating a Certification Authority Hierarchy
This module explains how to create a CA hierarchy based on a CA hierarchy design. Students also learn how to install Certificate Services, validate a certificate, and publish a certificate revocation list (CRL) and an Authority Information Access (AIA).
LessonsCreating an Offline CAValidating CertificatesPlanning CRL PublicationInstalling a Subordinate CA Lab : Installing an Offline CAConfiguring CAPolicy.inf for installing the Offline Root CAInstalling the Offline Root CA Lab : Publishing CRLs and AIAsDefining CRL and AIA Publication SettingsPublishing the CRL and AIA InformationAdding the Web Server to Local Intranet Sites Lab : Implementing a Subordinate Enterprise CAInstalling the Subordinate Enterprise CAValidating the PKI Health of your CA Hierarchy After completing this module, students will be able to:
Create an offline root CA.Design an infrastructure to validate certificates.Design an infrastructure to publish CRLs.Install a subordinate CA.Module 4: Managing a Public Key Infrastructure
This module explains how to manage a PKI by managing certificates and CAs. Students also learn how to recover a PKI in the event of a failure.
LessonsIntroduction to PKI ManagementManaging CertificatesManaging Certification AuthoritiesPlanning for Disaster Recovery Lab : Enabling Role SeparationDefining CA Administrators and Certificate ManagersRestricting Certificate ManagersGenerating Certificate RequestsTesting CA Administrator TasksTesting Certificate Manager TasksEnabling Certificate Services Auditing Lab : Backing Up and Restoring a Certification AuthorityDetermining Backup PrivilegesBacking Up Certificate ServicesRemoving the CA's Private Key from the CA Certificate StoreRestoring the System State Backup After completing this module, students will be able to:
Describe the use of roles in PKI management.Perform certificate management tasks.Perform CA management tasks.Plan for disaster recovery of Certificate Services.Module 5: Configuring Certificate Templates
This module introduces students to certificate templates and how to design them. Students also learn about creating, publishing, and changing certificate templates.
LessonsIntroduction to Certificate TemplatesDesigning and Creating a Certificate TemplatePublishing a Certificate TemplateManaging Changes in a Certificate Template Lab : Delegating Certificate Template ManagementDelegating Certificate Template Administration Permissions Lab : Designing a Certificate TemplateReviewing an Existing Certificate TemplateDesigning the Custom Code Signing Certificate Template Lab : Configuring Certificate TemplatesCreating a Certificate TemplatePublishing a Certificate TemplateEnrolling the Certificate TemplateSuperceding a Certificate Template After completing this module, students will be able to:
Describe the function of certificate templates in a Windows Server 2003 PKI.Design and create a certificate template.Publish a certificate template.Replace an existing certificate template with an updated certificate template.Module 6: Configuring Certificate Enrollment
In this module, students learn about the various methods of enrolling certificates. Students can either process the certificate requests manually or automatically, depending upon the approval requirement from the certificate manager.
LessonsIntroduction to Certificate EnrollmentEnrolling Certificates ManuallyAutoenrolling Certificates Lab : Enrolling CertificatesChoosing an Enrollment MethodEnrolling Computer Certificates by Using the Certificate Enrollment WizardCreating a User Certificate Template that Enables AutoenrollmentDeploying the Certificates by Using Autoenrollment After completing this module, students will be able to:
Select the appropriate certificate enrollment method for a given scenario.Enroll certificates manually.Autoenroll certificates.Enroll smart card certificates.Module 7: Configuring Key Archival and Recovery
This module describes the importance of creating a strategy for data and key recovery and explains the key archival and recovery process. Students also learn how Windows XP and Windows Server 2003 enhance data protection and data recovery.
LessonsIntroduction to Key Archival and RecoveryImplementing Manual Key Archival and RecoveryImplementing Automatic Key Archival and Recovery Lab : Configuring Key RecoveryPublishing the Key Recovery Agent Certificate TemplateEnrolling the Key Recovery Agent CertificatesImplementing Key Recovery on an Enterprise CACreating an Archive-enabled Certificate TemplateAcquiring an ArchiveEFS CertificatePerforming Key Recovery After completing this module, students will be able to:
Describe the key archival and recovery process in a Windows Server 2003 PKI.Implement manual key archival and recovery.Implement automatic key archival and recovery.Module 8: Configuring Trust Between Organizations
Students learn how to extend an organization's PKI trust hierarchy to other organizations. By extending the trust hierarchy, an organization's certificates can be used and trusted across organizations for purposes like secure e-mail messages, client authentication, and server authentication.
LessonsIntroduction to Advanced PKI HierarchiesQualified Subordination ConceptsConfiguring Constraints in a Policy.inf FileImplementing Qualified Subordination Lab : Implementing a Bridge CACreating a Qualified Subordination Signing Certificate TemplateConfiguring a Policy.inf FileRequesting a Qualified Subordination Signing CertificateGenerating a Cross Certification Authority Certificate for the Bridge CAModifying the Policy.inf File on the Bridge CACreating the Cross Certification Authority CertificatePublishing the Bridge CA Cross Certification Authority CertificatesIssuing Certificates that Meet Qualified Subordination Constraints After completing this module, students will be able to:
Describe advanced PKI hierarchies.Describe how constraints are used in qualified subordination.Configure a policy.inf file to implement qualified subordination constraints.Implement qualified subordination between CA hierarchies.Module 9: Deploying Smart Cards
In this module, students learn how smart cards provide secure storage for data and also support authentication of users. Students also learn how to configure and deploy smart cards in a Windows Server 2003 PKI environment.
LessonsIntroduction to Smart CardsEnrolling Smart Card CertificatesDeploying Smart Cards Lab : Deploying Smart CardsModifying and Publishing the Enrollment Agent Certificate TemplateAcquiring the Enrollment Agent CertificatesCreating a Custom Smart Card CertificateEnabling the Downloading of Unsafe Microsoft ActiveX ControlsPerforming Smart Card Enrollment Agent RequestsConfiguring a Certificate to Require a Smart Card Signature during AutoenrollmentSigning an Autoenrollment Certificate Request with a Smart CardPlanning for Re-enrollment After completing this module, students will be able to:
Describe the use of smart cards for authentication in a Windows Server 2003 PKI environment.Deploy smart cards for authentication in a Windows Server 2003 PKI environment.Module 10: Securing Web Traffic by Using SSL
This module explains how to secure a Web environment by implementing SSL security and certificate-based authentication for Web applications.
LessonsIntroduction to SSL SecurityEnabling SSL on a Web ServerImplementing Certificate-based Authentication Lab : Deploying SSL Encryption at a Web ServerEnabling SSL Encryption in IISSecuring the Security Virtual FolderEnabling Certificate Mapping in Active DirectoryEnabling Certificate Mapping in IIS After completing this module, students will be able to:
Describe how security is implemented in a Web environment.Configure IIS to implement SSL security.Implement certificate-based authentication for Web applications.Module 11: Configuring E-mail Security
In this module, students learn how to implement secure e-mail messages in an Exchange 2003 environment.
LessonsIntroduction to E-mail SecurityConfiguring Secure E-mail MessagesRecovering E-mail Private KeysMigrating a KMS Database to a CA Running Windows Server 2003 Lab : Securing E-mail Messages in Exchange Server 2003Creating Exchange Server 2003 MailboxesCreating and Publishing S/MIME Certificate TemplatesConfiguring Outlook 2002Sending Secure E-mail Between Organizations After completing this module, students will be able to:
Describe how e-mail security is implemented by a server running Exchange in a Windows Server 2003 environment.Securing e-mail messages in an Exchange 2003 environment.Recover e-mail private keys.Migrate a Key Management Service (KMS) database to a Windows Server 2003 Enterprise Edition enterprise CA.