Master Class: Public Key Infrastructure (PKI) Deep Dive (PKIDD)


Course Overview

For many, the topic of PKI is a book with (at least) seven seals. Certificates have become an indispensable part of today's world, and PKI is deeply rooted in anything to do with security. We have completely rebuilt this course with the knowledge from our PKI trainings of the last decades. In five days you will become a PKI expert. From the basics (private & public keys, digital signatures and TLS) to high-end topics like multi-level PKIs, algorithms, virtual smart cards and much more: after this course, you'll be juggling all topics related to Public Key Infrastructure!

Who should attend

This course is intended for experienced system administrators, consultants and Active Directory designers.


At least 5 years of experience with servers and client systems, at least 3 years of experience with Active Directory.

Course Objectives

After this seminar you will be able to design, create and operate highly secure Public Key Infrastructures.

Course Content

  • Windows Server 2016 / 2019 / 2022 PKI
  • Design and implementation of a multi-tier 2019 PKI
  • PKI administration with role separation
  • Certificate templates type 1, 2, 3 and 4
  • Key archiving and recovery
  • Windows 10 & Windows Server 2019 Enrollment
  • Smart Cards
  • Virtual Smart Card (VSC) - SCAMA - TPM Key Attestation
  • EFS Encrypted File System
  • Certificate Revocation List - CRLOverlap
  • Online Certificate Status Protocol (OCSP)
  • Certificate Renewal
  • Auditing & Troubleshooting
  • Network Device Enrollment Service (NDES)
  • Backup / Recovery of PKI Database
  • Certificate Lifecycle Notification (Optional)

Training environment:

In the training environment we work entirely with Hyper-V. For the proactive setup of the training environment we use a PowerShell script that lets you create new virtual machines in seconds. The script was developed by your trainer himself and makes it possible to set up the training according to the customer's wishes at extreme speed and with little effort.


Each participant has a dedicated server in a data center with a total connection of 1 Gbit to the Internet. Each participant server is equipped as follows:

  • At least 256 GB RAM up to 768 GB RAM (!)
  • At least 40 vCores
  • 2 NVMe SSDs with at least 3,000 MB/s write and at least 2,000 MB/s read
  • 1 Gbit to the Internet total bandwidth

Your Trainer:

The Advanced Master Class was developed by Andy Wendel and is delivered by him and his experienced team. Andy Wendel has been a trainer for over 20 years with deep experience in Active Directory, Public Key Infrastructure, Group Policy, WSUS as well as Hyper-V and the System Center suite. In addition to his work as a Senior Cloud Architect & Consultant in large data centers, Andy Wendel has also been to Microsoft in Redmond to troubleshoot storage spaces for a large data center operator. Andy Wendel is an MCLC (one of 46 worldwide), as well as an MCSE and MCT. In 2016, Andy Wendel earned the Certified Security Master Specialization: Advanced Windows Security 2017 through Paula Januszkiewicz (one of the top 20 security experts in the world). Only 100 participants worldwide were admitted to this course and only 4 German participants also managed to pass the exam. Andy Wendel completed this with distinction. This training was attended again in 2018, 2019, 2020, 2021 and 2022.

Prices & Delivery methods

Online Training

5 days

  • on request

Classroom Training

5 days

  • on request


Instructor-led Online Training: Course conducted online in a virtual classroom.

