Peyton Malveaux PKI Lab

Overview of the PKI Lab

Our lab focused on setting up a Public Key Infrastructure (PKI) to secure communications and enforce authentication standards. We used Windows Server to configure Certification Authorities (CAs) and issued certificates to ensure confidentiality, integrity, and authentication.

• Configured a Root Certification Authority (CA) and a Subordinate CA for efficient certificate management.
• Issued certificates for users and servers to enable HTTPS and secure email communication.
• Tested encrypted communication channels using issued certificates.

Steps to Set Up PKI

1. Set Up the Root CA: Configured the root CA with a self-signed certificate to establish trust within the infrastructure.
2. Deploy the Subordinate CA: Issued a certificate for the subordinate CA from the root CA and configured it to handle certificate requests.
3. Issue Certificates:
   • Generated certificates for web servers to enable HTTPS.
   • Issued certificates for users to enable secure email communication via S/MIME.
4. Test Secure Communications: Verified encrypted communication between clients and servers using the issued certificates.

Challenges and Solutions

During the implementation, we encountered challenges such as certificate revocation list (CRL) configurations and ensuring interoperability with various client systems. These were addressed by:

• Properly configuring CRLs and ensuring they were accessible to all clients.
• Testing certificate usage on multiple platforms to identify and resolve compatibility issues.

Screenshots

Below are screenshots showcasing key steps and results from the lab:

Generate a Certificate Signing Request (CSR)

Getting the browser to accept our CA certificate.

Setting up the malicious website

Becoming the man in the middle

ERROR: Cannot Access Youtube With SeedLab Certificate

Creating a proper certificate for Youtube.com

Result of Accessing Youtube.com