PKI for Dummies

Post on 05-Dec-2014


Slidedeck used at the Dutch Techdays Event in 2012.


PKI for Dummies

Alex de Jong
Microsoft Freelance

Agenda
• PKI Overview
• Your own PKI

Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates

Subject

Valid from/to

Issuer

Serial Number

Certificate Extensions

• Subject, Serial Number, Issuer, Valid From, Valid To
• Public Key
• Subject Alternative Names (SANs)
• Authority Information Access (AIA)
• Certificate Revocation Lists (CRLs)
• Enhanced Key Usage

Authentication

Encryption

Authenticity

3 Encryption “methods”
• Symmetric
  – 1 encryption key for encryption and decryption
• Asymmetric
  – 2 encryption keys: Public & Private
• Hashing
  – Used for Authenticity checking, passwords
  – Irreversible

Authenticity
• Digitally Signed Data
  – e-mail, documents, this PowerPoint

About the Issuer

DEMO: Public CAs

Building one of your 0wn3d
• Stand alone vs. Enterprise
• Design Considerations
• Certificate Revocation Lists (CRLs)

Building one of your 0wn3d
• Certificate Templates
• Web Services
• …

DEMO: Private CAs

Enrolling certificates
• Web Services
• Auto Enrollment
• MMC Snap-in

From the client side
• Managing your own certificates
• Checking the others

DEMO: Managing Certificates