Levi, Ray & Shoup, Inc.
  • Courses
  • Site Content

MS-2821 - Designing and Managing a Windows Public Key Infrastructure

This course provides students with the knowledge and skills to design, deploy, and manage a public key infrastructure (PKI) to support applications that require distributed security. Students get hands-on experience implementing solutions to secure PKI-enabled applications and services, such as Microsoft Internet Explorer, Microsoft Exchange Server, Microsoft Internet Information Server, Microsoft Outlook, and remote access services.

Click here to print this page »


Before attending this course, students must have familiarity with Windows 2000 or Windows Server 2003 technology such as those described in the following courses: MS2279: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure or MS2154: Implementing and Administering Microsoft Windows 2000 Directory Services

Detailed Class Syllabus

Module 1: Overview of Public Key Infrastructure

Introduction to PKI
Introduction to Cryptography
Certificates and Certification Authorities

Module 2: Designing a Certification Authority Hierarchy

Identifying CA Hierarchy Design Requirements
Common CA Hierarchy Designs
Documenting Legal Requirements
Analyzing Design Requirements
Designing a CA Hierarchy Structure

Module 3: Creating a Certification Authority Hierarchy

Creating an Offline CA
Validating Certificates
Planning CRL Publication
Installing a Subordinate CA

Module 4: Managing a Public Key Infrastructure

Introduction to PKI Management
Managing Certificates
Managing Certification Authorities
Planning for Disaster Recovery

Module 5: Configuring Certificate Templates

Introduction to Certificate Templates
Designing and Creating a Certificate Template
Publishing a Certificate Template
Managing Changes in a Certificate Template

Module 6: Configuring Certificate Enrollment

Introduction to Certificate Enrollment
Enrolling Certificates Manually
Autoenrolling Certificates

Module 7: Configuring Key Archival and Recovery

Introduction to Key Archival and Recovery
Implementing Manual Key Archival and Recovery
Implementing Automatic Key Archival and Recovery

Module 8: Configuring Trust Between Organizations

Introduction to Advanced PKI Hierarchies
Qualified Subordination Concepts
Configuring Constraints in a Policy.inf File
Implementing Qualified Subordination

Module 9: Deploying Smart Cards

Introduction to Smart Cards
Enrolling Smart Card Certificates
Deploying Smart Cards

Module 10: Securing Web Traffic by Using SSL

Introduction to SSL Security
Enabling SSL on a Web Server
Implementing Certificate-based Authentication

Module 11: Configuring E-mail Security

Introduction to E-mail Security
Configuring Secure E-mail Messages
Recovering E-mail Private Keys
Migrating a KMS Database to a CA Running Windows Server 2003