
Public Key Infrastructure

What is PKI?
PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard.

PKI is a collection of public key cryptography mechanisms, communication protocols, security policies, procedures, etc.
Certification Authority (CA)
A CA is a trusted organization (or server) that maintains and issues digital certificates.

[Diagram: a CA issuing certificates to Bob and Alice]

External CAs
Internal CAs
Enterprise-specific certification authority.

• Intranet sites
• VPN
• Wireless authentication (802.1X)
• Secure communications between internal services

• Free
• Scalable
Lab Setup
Virtualization Platform: Hyper-V
PKI: Windows Server 2019 Datacenter
Client: Windows 10 Enterprise
Gateway: pfSense

Naming Convention: {entity}-{platform}{service}{number}
Example: ec-wsca01

Network: 10.0.0.0/24
Network Setup
Network: 10.0.0.0/24
Domain: evilcorp.org

Domain Controller: 10.0.0.1
Root CA: 10.0.0.2
Enterprise CA: 10.0.0.3
Web Server: 10.0.0.4
Gateway: 10.0.0.254
Clients: Alice, Bob
Server Roles
Domain Controller:
• Active Directory
• DNS
• DHCP

Root CA: Standalone Root CA

Enterprise CA: Enterprise Sub CA

Web Server: IIS


Root CA Setup
CDP:
C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
http://pki.evilcorp.org/pki/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl

AIA:
C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName>_<CaName><CertificateName>.crt
http://pki.evilcorp.org/pki/<ServerDNSName>_<CaName><CertificateName>.crt
IIS Setup
Virtual Directory: "pki", mapped to C:\pki

Request Filtering: Allow double escaping (the delta CRL file name contains a "+" character, which IIS rejects by default)


Domain Controller Setup
GPOs:

• Root CA Distribution:
Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities

• Auto-Enrollment:
Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client – Certificate Enrollment Policy
Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client – Auto-Enrollment
User Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client – Certificate Enrollment Policy
User Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client – Auto-Enrollment
Enterprise CA Setup
CDP:
C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
file://pki.evilcorp.org/pki/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
http://pki.evilcorp.org/pki/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl

AIA:
C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName>_<CaName><CertificateName>.crt
http://pki.evilcorp.org/pki/<ServerDNSName>_<CaName><CertificateName>.crt
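Setting the CDP and AIA lists from the Root CA Setup and Enterprise CA Setup slides with certutil, as an added PowerShell example that is not part of the deck. It assumes an elevated session on the CA, that the default LDAP entries are intentionally dropped, and that the CA common name "EvilCorp Enterprise CA" is a placeholder to be replaced with the real one.

```powershell
# Added example (not from the deck): apply the slide's CDP/AIA locations with certutil.
# certutil tokens map to the slide placeholders as follows:
#   %1 = <ServerDNSName>  %3 = <CaName>  %4 = <CertificateName>
#   %8 = <CRLNameSuffix>  %9 = <DeltaCRLAllowed>
# CDP flags (summed per entry): 1 publish CRL here, 2 put in CDP of issued certs,
#   4 put in the freshest-CRL (delta) pointer, 64 publish delta CRL here.
$crlUrls = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',   # local publish (base + delta)
    '65:file://pki.evilcorp.org/pki/%3%8%9.crl',               # push to the IIS pki share
    '6:http://pki.evilcorp.org/pki/%3%8%9.crl'                 # what clients will fetch
) -join '\n'   # certutil treats a literal "\n" as the multi-string separator
# AIA flags: 1 publish the CA certificate here, 2 put in AIA of issued certs.
$aiaUrls = @(
    '1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt',
    '2:http://pki.evilcorp.org/pki/%1_%3%4.crt'
) -join '\n'

certutil -setreg CA\CRLPublicationURLs $crlUrls
certutil -setreg CA\CACertPublicationURLs $aiaUrls
Restart-Service certsvc
certutil -crl    # publish a fresh base (and delta) CRL to every 65-flagged location

# Check: every URL that lands in issued certificates must be fetchable, including the
# delta CRL, whose "+" in the file name needs IIS "allow double escaping" (IIS Setup slide).
$caName = 'EvilCorp Enterprise CA'   # placeholder; use the CA's real common name
foreach ($file in "$caName.crl", "$caName+.crl") {
    # Mirror what Windows clients request: spaces escaped, "+" sent literally.
    $uri = 'http://pki.evilcorp.org/pki/' + $file.Replace(' ', '%20')
    $r = Invoke-WebRequest -Uri $uri -UseBasicParsing -ErrorAction Stop   # throws on 404
    '{0} -> HTTP {1}, {2} bytes' -f $uri, $r.StatusCode, $r.RawContentLength
}
```

Drop the file:// line to get the Root CA variant shown on the earlier slide; an HTTP error on the "+" URL means request filtering is still blocking delta CRL downloads.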
Certificate Templates
• PowerShell Code Signing
• Domain Computer
• Domain User
• SSL
Lab Demo
