The Manage Certificates module provides you with the instruction and server hardware to develop your hands on skills in the defined topics. This module includes the following exercises:

  • Manage Certificate Templates
  • Manage Certificate Enrolment
  • Configure Key Archival
  • Managing Key Recovery

Exercise 1 - Manage Certificate Templates

Active Directory Certification Authority services includes set of built-in certificate templates. These templates form the basis of what type of certificates will be available to users, computers and services in a network when any of these entities request for a certificate from the certificate server.

In this exercise, you will configure the different properties of CA Certificate Templates for a user account.

Exercise 2 - Manage Certificate Enrolment

For a large organization with hundreds of users, you can streamline the deployment of user certificates with the use of a customized certificate template.

A customized certificate template allows you to set properties and then distribute the certificates to domain users by using Group Policy Objects.

Exercise 3 - Configuring Key Archival

Certification Authority service can be configured to archive keys it has issued to users. This is feature allows an administrator to recover certificates lost by the user due to a number of reasons such as theft of smart card, an accidental reformat of the user workstation where the user certificate is saved and among other things.

Exercise 4 - Managing Key Recovery

After setting up key archival for a customized certificate template and enabling the Key Recovery Agent certificate, the PKI administrator can use certutil.exe to recover lost certificate of a user account.

In this exercise, you will recover an archive key of a user, export the key to a file and finally test if the recovered key can be used for decrypting a protected document.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.