Azure: Public, Hybrid & Operations

TMHOL01 Hands-On Lab: Building Enterprise PKI from Scratch: A Hands-On Lab for IT Pros

11/15/2026

9:00am - 6:00pm

Level: Introductory to Intermediate

John O'Neill, Sr.

Chief Innovation Officer

Azure Innovators

Certificates are everywhere—and when they break, everything breaks. Expired CA certificates, unreachable CRL distribution points, and misconfigured templates are behind some of the most disruptive outages in enterprise IT. Yet most administrators inherit a PKI they didn’t build, don’t fully understand, and are afraid to touch.

This full-day hands-on lab changes that. Participants will build a complete two-tier PKI hierarchy from bare metal to production-ready, starting with an offline standalone Root CA and progressing through enterprise subordinate CA installation, AIA/CDP configuration, certificate template design, autoenrollment, key archival and recovery, and OCSP. Every participant leaves having personally constructed, configured, and validated a working enterprise PKI—not just watched slides about one.

The lab environment uses Windows Server with Active Directory Certificate Services in a realistic domain topology. Participants work through the same progression a PKI architect would follow in a real deployment, encountering (and resolving) the same configuration errors, permission issues, and validation failures that occur in production.

You will learn to:

  • Design and justify a two-tier CA hierarchy with an offline Root CA and online Enterprise Issuing CA
  • Install and configure both Standalone and Enterprise CAs with proper CAPolicy.inf settings
  • Configure AIA and CDP extensions correctly—and validate them before issuing any certificates

Attendee Workstation Requirements:

  • You must provide your own laptop for this hands-on lab
  • Your machine must have a modern web browser
  • All other requirements will be posted two (2) weeks prior to the conference