1
00:00:07,420 --> 00:00:17,170
One of the steps in deploying a PKI in your organization is to define methods for cert distribution and

2
00:00:17,170 --> 00:00:18,540
enrollment.

3
00:00:18,580 --> 00:00:27,180
In addition, during the certificate management process, you might need to revoke certificates. Reasons

4
00:00:27,180 --> 00:00:38,100
for revoking certificates can include a key becoming compromised or someone leaving the organization.

5
00:00:38,100 --> 00:00:45,600
You need to ensure that network clients can determine which certificates you have revoked before accepting

6
00:00:45,600 --> 00:00:54,420
authentication requests. During the certificate lifecycle, certificate or key recovery is one of the most

7
00:00:54,420 --> 00:00:57,060
important management tasks.

8
00:00:57,120 --> 00:01:07,990
If you lose your public and private keys, you can use a key archival and recovery agent for data recovery.

9
00:01:08,010 --> 00:01:17,400
You can also use automatic or manual key archival and key recovery methods to ensure that you can access

10
00:01:17,820 --> 00:01:18,510
data

11
00:01:19,020 --> 00:01:28,040
if you lose your keys. So after completing this section, you'll be able to describe certificate enrollment

12
00:01:28,100 --> 00:01:32,210
methods. Describe certificate autoenrollment.

13
00:01:32,210 --> 00:01:36,430
Explain what an enrollment agent is.

14
00:01:36,440 --> 00:01:44,390
Describe how certificate revocation works. Describe key archival and recovery.

15
00:01:44,390 --> 00:01:53,930
You'll be able to describe how to configure automatic key archival and configure a CA for key archival.

16
00:01:55,040 --> 00:01:59,390
But as usual, before we start, let's answer two questions.

17
00:01:59,420 --> 00:02:00,250
Question 1.

18
00:02:00,680 --> 00:02:03,220
When you revoke a certificate,

19
00:02:03,320 --> 00:02:08,920
where is the thumbprint of the certificate published? Option 1:

20
00:02:09,090 --> 00:02:19,500
CRL distribution point, or CDP. Option 2: authority information access, or AIA.

21
00:02:19,520 --> 00:02:29,770
Option 3: certificate revocation list, or CRL. Option 4: AD DS.

22
00:02:29,780 --> 00:02:35,980
Option 5: the online responder servers response hero.

23
00:02:35,990 --> 00:02:46,120
Think about the answer. And the correct answer is option 3: certificate revocation list, or CRL. When you

24
00:02:46,120 --> 00:02:54,010
revoke a certificate, the thumbprint of the certificate publishes to the certificate revocation list.

25
00:02:54,490 --> 00:03:00,530
A CRL distribution point is a URL location where the CRL is stored.

26
00:03:00,820 --> 00:03:11,210
The authority information access, or AIA, is the URL where the CA certificate is located. AD DS is a

27
00:03:11,220 --> 00:03:21,450
valid location for a CDP, but revoked certificates do not publish directly to AD DS. An online responder

28
00:03:21,460 --> 00:03:22,330
service

29
00:03:22,430 --> 00:03:32,690
validates the status of a specific certificate by using a local copy of the CRL, but revoked certificates

30
00:03:32,720 --> 00:03:41,320
do not publish directly to an online responder service. And the second question: which of the following

31
00:03:41,320 --> 00:03:55,470
actions must you take to configure key archival on an AD CS CA? Option 1: configure the KRA

32
00:03:55,590 --> 00:04:06,420
certificate template. Option 2: enroll a designated user for a KRA certificate. Option 3: publish the

33
00:04:06,450 --> 00:04:16,680
KRA public key by using Group Policy. Option 4: configure a recovery agent on the CA. And the last

34
00:04:16,680 --> 00:04:24,750
option: configure desired certificate templates for key archival. Stop here and think about the answer.

35
00:04:25,800 --> 00:04:38,020
And the answer is option 1, option 2, option 5 and option 4. To configure key archival, you should configure

36
00:04:38,020 --> 00:04:48,430
the KRA certificate so that only trusted users can enroll for a certificate, and enroll a trusted

37
00:04:48,430 --> 00:04:59,080
user for the KRA certificate. Step 3: configure a recovery agent on the CA by using the KRA certificate,

38
00:04:59,950 --> 00:05:09,430
and step 4: configure the desired certificate templates for key archival. You do not need to publish the

39
00:05:09,600 --> 00:05:18,680
KRA public key by using Group Policy. So, next stop, we'll be talking about certificate enrollment methods.

40
00:05:19,090 --> 00:05:20,200
I'll see you there.