• Create a Certificate Authority (CA)
• Create certificate profiles for SSL servers and end-entities
• Generate server and user certificates
• Certificate renewal
o Show the process with an example
o Set up email notifications for renewals
• Certificate revocation
o Show the process of revocation with an example
o Create a Certificate Revocation List (CRL) and show its content after certificate revocation
o Enable OCSP and show a message exchange
• Investigate and report on the use of hardware tokens as lightweight hardware security modules
o USB tokens
• Store certificates and CRLs in LDAP
• Enable timer services, i.e. procedures that should be run on a regular schedule:
o 'CRL Updater' that automatically updates the CRL.
o 'Certificate Expiration Checker' that checks if a CA has certificates about to expire and sends an email notification to the end user and/or the administrator.
o 'User Password Expire Service' that checks if a user hasn't enrolled for a new certificate within a certain amount of time after being registered, and if so expires that user's ability to enroll.
o 'HSM Keepalive Service' that periodically tests crypto tokens to avoid connection timeouts.