PKI In-Depth Training In New York City & San Francisco

I am now fielding interest for the 4-day PKI In-Depth Training course to be held in New York City and for San Francisco. Both are half-way to minimum course size. Dates will be established based on attendee availability. I will also be covering the new NDES Policy Module feature in 2012 R2 and the topics covered in the soon to be released Securing and Hardening NDES White Paper from Microsoft. Agenda for the class is based on these topics:


PKI Basics


Compatibility of CNG across platforms

Choosing CSP versus KSP

How does PKI Work

Best Practices for Microsoft PKI

Security vs Compatibility


Digital Certificates

Create/Duplicating Templates

Template Versions


Template changes in 2008, R2 and 2012+

CA Design

CA Chains and Revocation

Revocation Mechanisms

Chaining Algorithms and multiple paths


Best Practices

Manual Enrollment Options



Advanced Topics

Upgrading and Migrating CAs between hosts and OSes

Known issues with ADCS Configurations

How to troubleshoot a CA that wont start

Advanced ADCS Debug Logging

Exploring and Defining the Key Windows Registry Keys for ADCS

Certutil command for troubleshooting and diagnostics

Credential Roaming

High Availability of CAs

Extending Trusts to other Organizations

Cross-Forest Enrollment


How CRL checking Works

OCSP Dependency on CRLs


Network Device Enrollment Service (NDES)

Securing and Hardening NDES (based on soon to be released White Paper)

BYOD solutions

SCCM & InTune

Policy Module (new in 2012 R2)

About ThePKIGuy

President & Founder at PKI Solutions, Leading PKI Cybersecurity Subject Matter Expert, Author, Speaker, Trainer, Microsoft Certified Master.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.