- Introduction to the PKI topic, definition of terms
- Comparison of independent & organizational structure
- Installing a two-tier certificate server infrastructure: offline root CA with an online subordinate (issuing) CA, according to best-practice recommendations
- Backing up and restoring the certification authorities
- Set up key archiving for data encryption certificates to recover private keys (Key Recovery Agent)
- Tools for PKI administration (MMC consoles, certutil, PowerShell)
- Revoking certificates, publishing revocation lists (CRL) and setting up an Online Responder environment (OCSP)
- Certificate import and export (manually and via Group Policy)
- Creation and management of certificate templates
- Requesting certificates manually (MMC console, certutil, website) or automatically via Group Policy
- Securing Windows services with certificates: email signature & encryption (S/MIME), TLS/SSL, smart card authentication, file encryption (EFS)
- Rights management of the certification authority
- Setting up registration agents (for requesting certificates on behalf of others)