.svg)
.svg)
.svg)
Machine Learning Engineer
A public key infrastructure (PKI) is an effective tool for protecting systems and services on the Internet. Although PKI has been in development for over 20 years, it has only become a hot topic for security managers in the last few years. A major market driver is the new possibilities of digital signatures, which require a PKI.
Public key cryptography is a mature technology that forms the basis for secure protocols. A standard mechanism for the distribution of public keys was not available for a long time. Today, however, progress has been made on both sides. You no longer need to be an expert in public key cryptography to recognize its advantages. There are many different products available on the market today. This course will help you to choose the right option for you and use it successfully.
Day 1: Theory day
1. introduction
- Problem definition
- History
- Legal aspects
2. cryptographic basics
- Symmetric and asymmetric procedures
- Digital signatures
- Key Management
3. authentication
- Password-based
- One-time passwords
- Kerberos
- Public key certificates
4 PKI basis
- Certificates
- Certificate Revocation List
- Policies
- Certification paths
5. pki components
- Certification Authority (CA)
- Registration Authority (RA)
- Repository
- Archive
- Certificate holder
- Relying Party
6 PKI architectures
- Single CA
- Hierarchical infrastructure
- Network structure
- Cross-certification
- Bridges CA
7. verification
- Construction and verification of certification paths
8. certificate revocation list (CRL)
- Contents
- Creating and distributing CRLs
9. directories
- X.500, LDAP
10. x.509 certificates
- ASN.1 types
- Basic content
- Extensions
- Use
11. trust, processes, policies
- Certificate Policies (CP)
- Certificate Practice Statement
12.applications
- Web: SSL/TLS
- e-mail: S/MIME
- IPsec
Day 2: Practical day
Establishment of a two-tier certification authority environment with a stand-alone offline root certification authority
- Establishment of an underlying Enterprise (AD-based) Online Sub Certification Authority
- What is configured differently if only a single-tier CA environment (Enterprise Root CA) is used?
- Use of the CaPolicy.inf file
- Complete and correct revocation list configuration (CRL), including configuration of an online responder
- Configuration of certificate templates
- Configuration of automatic certificate request, distribution and renewal using GPOs
- Correct configuration and setup of SSL certificates
- Certificate revocations
- Special configurations: archiving private keys, setting up certificate agents, etc.
- Monitoring of certification authorities
- Backup and restoration of certification authorities
- Use of command line tools (e.g. certutil.exe) and PowerShell for the configuration and administration of Certification Authorities
At the end of the theory section, you will be able to,
- formulate the architecture and components of a public key infrastructure
- Knowing solutions to problems when setting up a public key infrastructure
- know what to look out for when defining certificate content
- Know about the most important standard applications
After the Public Key Infrastructure practice day, you will be able to set up, correctly configure, manage, secure and troubleshoot all the necessary components of a complete PKI environment.
This course consists of training training and is led by a trainer who supervises the participants live. Theory and practice are taught with live demonstrations and practical exercises. The video conferencing software Zoom is used.
developers and technical architects who want to set up a PKI or create protected applications. Basic knowledge of encryption is an advantage.
.svg)
