1-800-THE-TREE (1-800-843-8733)
 

PKI: A Comprehensive Hands-On Introduction

 
Course: 586     Type: Hands-On Training     Duration: 4 Days

Quick Enroll    

You Will Learn How To
  • Build a Public Key Infrastructure (PKI) to secure Internet, intranet and extranet applications
  • Identify functionality of PKI components based on standards
  • Design PKI architectures to support different trust models
  • Integrate public key certificates into a range of PKI applications
  • Constrain trust among PKIs with qualified subordination
  • Evaluate policy requirements for your enterprise PKI

Course Benefits
A public key infrastructure (PKI) is a critical component for ensuring confidentiality, integrity and authentication in an enterprise. This hands-on course provides essential knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization. You also learn to link your PKI to other organizations and enable secure communications.

Who Should Attend
PKI designers, technical managers overseeing security and those responsible for developing enterprise security. Anyone connecting a PKI to an external Certification Authority (CA), a bridge or another organization's PKI will also benefit.

Hands-On Training
You gain extensive hands-on experience planning, designing and building a PKI. Exercises include:
  • Setting up an RA to issue certificates to the Entrust Entelligence PKI client
  • Creating custom certificate content
  • Building an Entrust Root CA and connecting to an X.500 directory
  • Cross-certifying with a Bridge CA
  • Constraining trust among PKIs
  • Securing communications with S/MIME, SSL and IPsec
  • Establishing a Microsoft SCA under an Entrust Root CA
  • Authenticating with a smart card
  • Configuring Microsoft compatibility in Entrust CA

Course 586 Content
Trust in a Digital World
Establishing trust
  • Instigating trust through credentials
  • Verifying with a trusted third party
Implementing trust with cryptography
  • Selecting symmetric and asymmetric algorithms
  • Encrypting with modulo arithmetic
  • Visualizing the Diffie-Hellman algorithm
  • Enforcing non-repudiation with digital signatures
Securing PKI
Ensuring strong authentication
  • Authenticating via zero knowledge proof
  • Enforcing access with M-of-N authentication
  • Requiring multifactor authentication with smart cards
Securing the private key
  • Protecting with the Data Protection API
  • Examining key storage in the user profile
  • Prevent tampering with the Hardware Security Module (HSM)
Ensuring persistence of credentials
  • Auto-archiving the encryption private key
  • Utilizing a key recovery agent
  • Solving deniability with dual-key support
Authenticating with PKI Credentials
Inside PKI X.509 v3 Certificates
  • Interoperating with industry profiles
  • Setting certificate lifetimes
  • Controlling access with attribute certificates
  • Enrolling Cisco devices with SCEP
Customizing certificate templates
  • Creating new certificate fields
  • Implementing policies in templates
Leveraging certificates in applications
  • Running SSL/TLS over firewalls
  • Authenticating with the TLS handshake
  • Setting up a Virtual Private Network (VPN) with IPsec
  • Sending e-mail securely with S/MIME
Establishing Certificate Policy (CP)
  • Identifying with an Object Identifier (OID)
  • Upholding Certification Practice Statements (CPS)
  • Standardizing provisions for CP/CPS
Dissecting PKI Components
Trusting a Certification Authority (CA)
  • Rolling over a CA certificate lifetime
  • CA disaster recovery
Registration Authority (RA)
  • Interfacing with PKCS and PKIX
  • Contrasting online RA vs. offline RA
Connecting to the PKI X.500 Repository
  • Identifying with a distinguished name (DN)
  • Accessing a directory with LDAP v3
  • Chaining between X.500 and LDAP directories
  • Naming with the directory information tree (DIT)
Crafting the Certificate Revocation List (CRL)
  • Selecting complete, delta or partitioned CRL
  • Publishing CA certificates and CRLs
  • Authenticating certificates with OCSP
Validating an entity certificate
  • Forming a certificate chain
  • Locating the CA Trust Anchor
  • Confirming trust via path processing
Designing Trust Architectures
Building an enterprise trust hierarchy
  • Distributing trust to subordinate CAs
  • Increasing security with an offline root CA
  • Designating CAs: Issuing, intermediate or policy
Linking with a distributed trust model
  • Extending trust with cross-certification
  • Controlling trust transitivity with path length
Restricting trust with Qualified Subordination
  • Constraining names and policies
  • Mapping equivalent policies with peer CAs
  • Path processing a Certificate Trust List
Integrating with a Bridge CA
  • Centralizing trust policy relationships
  • Introducing the Federal Bridge CA (FBCA)
Interfacing with Microsoft PKI
  • Enterprise CA vs. Standalone CA
  • Delegating Common Criteria roles

Related Courses
  
 
Request More Info

Salutation

First Name

Last Name

Company

Zip Code

Country
   Codes
Work Phone

Extension

E-mail

A representative will contact you to follow up your request.
Privacy Statement

Save Up to 40% per course on the Training Passport!

PKI: A Comprehensive Hands-On Introduction
Upcoming Dates
Jan 20 - 23, 2009
 New York
Feb 17 - 20, 2009
 Washington, DC (Rockville, MD)
Apr 14 - 17, 2009
 Washington, DC (Reston, VA)
May 12 - 15, 2009
 Toronto
Jul 21 - 24, 2009
 New York
Aug 11 - 14, 2009
 Washington, DC (Rockville, MD)

PKI: A Comprehensive Hands-On Introduction
Bring Learning Tree On-Site

Course Tuition
$ 2,790 Standard Tuition
Tuition with a Savings Plan
$ 1,800 10-Day Pass
$ 1,670 Training Passport
$ 1,700 Premium-Pass
$ 2,200 Voucher 10-Pack
$ 2,515 Alumni Gold Discount
$ 2,484 Government Discount
 

 

PKI: A Comprehensive Hands-On Introduction
PKI: A Comprehensive Hands-On Introduction
Participants planning a PKI infrastructure.


CPE 23 Credits 2 Hour(s) College Credit
Customer Service or Enroll: 1-800-843-8733