|
|
1-800-THE-TREE (1-800-843-8733)
|
|
|
 |
|
PKI: A Comprehensive Hands-On Introduction
Course: 586
Type: Hands-On Training
Duration: 4 Days
You Will Learn How To
- Build a Public Key Infrastructure (PKI) to secure Internet, intranet and extranet applications
- Identify functionality of PKI components based on standards
- Design PKI architectures to support different trust models
- Integrate public key certificates into a range of PKI applications
- Constrain trust among PKIs with qualified subordination
- Evaluate policy requirements for your enterprise PKI
Course Benefits A public key infrastructure (PKI) is a critical component for ensuring confidentiality, integrity and authentication in an enterprise. This hands-on course provides essential knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization. You also learn to link your PKI to other organizations and enable secure communications.Who Should Attend PKI designers, technical managers overseeing security and those responsible for developing enterprise security. Anyone connecting a PKI to an external Certification Authority (CA), a bridge or another organization's PKI will also benefit.Hands-On Training You gain extensive hands-on experience planning, designing and building a PKI. Exercises include:
- Setting up an RA to issue certificates to the Entrust Entelligence PKI client
- Creating custom certificate content
- Building an Entrust Root CA and connecting to an X.500 directory
- Cross-certifying with a Bridge CA
- Constraining trust among PKIs
- Securing communications with S/MIME, SSL and IPsec
- Establishing a Microsoft SCA under an Entrust Root CA
- Authenticating with a smart card
- Configuring Microsoft compatibility in Entrust CA
Course 586 Content
- Instigating trust through credentials
- Verifying with a trusted third party
- Selecting symmetric and asymmetric algorithms
- Encrypting with modulo arithmetic
- Visualizing the Diffie-Hellman algorithm
- Enforcing non-repudiation with digital signatures
- Authenticating via zero knowledge proof
- Enforcing access with M-of-N authentication
- Requiring multifactor authentication with smart cards
- Protecting with the Data Protection API
- Examining key storage in the user profile
- Prevent tampering with the Hardware Security Module (HSM)
- Auto-archiving the encryption private key
- Utilizing a key recovery agent
- Solving deniability with dual-key support
- Interoperating with industry profiles
- Setting certificate lifetimes
- Controlling access with attribute certificates
- Enrolling Cisco devices with SCEP
- Creating new certificate fields
- Implementing policies in templates
- Securing Web traffic with SSL
- Setting up a Virtual Private Network (VPN) with IPsec
- Sending e-mail securely with S/MIME
- Identifying with an Object Identifier (OID)
- Selecting Microsoft application policies
- Upholding Certification Practice Statements (CPS)
- Standardizing provisions for CP/CPS
- Rolling over a CA certificate lifetime
- CA disaster recovery
- Interfacing with PKCS and PKIX standards
- Contrasting online RA vs. offline RA
- Identifying with a distinguished name (DN)
- Accessing the X.500 directory with LDAP v3
- Selecting complete, delta or partitioned CRL
- Publishing CA certificates and CRLs
- Authenticating certificates with OCSP
- Forming a certificate chain
- Locating the Trust Anchor
- Confirming via path processing
- Distributing trust to subordinate CAs
- Increasing security with an offline root CA
- Designating CAs: Issuing, intermediate or policy
- Extending trust with cross-certification
- Controlling trust transitivity with path length
- Constraining names and policies
- Mapping equivalent policies with peer CAs
- Path processing a Certificate Trust List
- Centralizing trust policy relationships
- Introducing the Federal Bridge CA (FBCA)
- Enterprise CA vs. Standalone CA
- Delegating Common Criteria roles
|
Related Courses
|
|
|
|
|
|
|
Print Friendly
E-mail a Colleague
Course FAQ
Course PDF
Home
