In this module, we will delve into the fundamentals of Public Key Infrastructure (PKI), starting with its definition and significance. We will explore the diverse uses of PKI, identify the key components that make up a PKI solution, and understand the role and workings of digital certificates in maintaining secure communications.

In this module, we will explore the foundational aspects of cryptography, beginning with a broad overview of its principles. We will compare symmetric and asymmetric encryption techniques, delve into the concept of digital signing, and examine different encryption algorithms. Additionally, we will cover hashing algorithms and their role in ensuring data integrity.

In this module, we will cover the essential aspects of Certification Authorities (CAs), starting with an overview of their roles. We'll differentiate between public and private CAs, explore the structure of root and subordinate CAs, and compare stand-alone vs. enterprise CAs. Furthermore, we will discuss the considerations for setting up a CA hierarchy and provide practical, hands-on guidance for installing a standalone root CA and an enterprise subordinate CA.

In this section, we will explore the different methods for requesting and enrolling certificates. You will learn about certificate templates and the various types of certificate enrollment. The section includes hands-on activities such as requesting certificates through web enrollment, MMC, auto-enrollment, and offline using CSR. Additionally, we will secure a website using a certificate and encrypt and decrypt files with certificates.

In this section, we will delve into configuring various properties of a Certificate Authority (CA). You will learn how to manage CA administration and security settings, set up CA policy and exit modules, and understand the roles of Certificate Revocation Lists (CRLs), Authority Information Access (AIA), and CDP extensions. Finally, we will guide you through configuring AIA and CDP extensions to ensure proper certificate management and accessibility.

In this section, we will explore the new roles in Certificate Services and their importance. You will learn about the Network Device Enrollment Service (NDES) and its configuration in two parts. Additionally, we will cover the concepts and setup of Enrollment Agents, including Certificate Enrollment Policy (CEP) and Certificate Enrollment Services (CES). Finally, the section includes configuring an Online Responder (OCSP) to enhance certificate validation processes.

In this section, we will guide you through the process of migrating the hashing algorithm from SHA1 to SHA2 on Windows Server 2016 Certificate Authority (CA). You will learn how to install and configure both Root and Subordinate CAs. We'll cover the essential planning steps needed before initiating the migration to minimize potential issues. Finally, you will perform the migration on both the Root CA and the Subordinate CA, ensuring a secure and updated cryptographic environment. You will also learn how to validate the successful migration and troubleshoot any challenges that may arise.