- Introduction to PKI, definition of terms
- Comparison of independent and organisational structures
- Installation of a two-layer certificate server infrastructure offline Root CA with an online subordinate (issuing) CA in accordance with best practice recommendations
- Certification authority backup/restore
- Configuration of key archiving for data encryption certificates for the recovery of private keys (Key Recovery Agent)
- PKI administration tools (mmc consoles, certutil, Powershell)
- Blocking certificates, publishing CRL lists and setting up an Online responder environment (OCSP)
- Certificate import and export (manually and using group policies)
- Creation and management certificate templates
- Manually requesting certificates (mmc console, certutil, website) or automatically using group policies
- Securing Windows services with certificates (e-mail signature and encryption (S/MIME), TLS/SSL, smart card authentication, data encryption EFS)
- Certification authority rights management
- Set up of registration agents (to request certificates by proxy)