PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks



The only complete guide to designing, implementing, and supporting state-of-the-art certificate-based identity solutions with PKI

  • Layered approach is designed to help readers with widely diverse backgrounds quickly learn what they need to know
  • Covers the entire PKI project lifecycle, making complex PKI architectures simple to understand and deploy
  • Brings together theory and practice, including on-the-ground implementers' knowledge, insights, best practices, design choices, and troubleshooting details

PKI Uncovered brings together all the techniques IT and security professionals need to apply PKI in any environment, no matter how complex or sophisticated. At the same time, it will help them gain a deep understanding of the foundations of certificate-based identity management. Its layered and modular approach helps readers quickly get the information they need to efficiently plan, design, deploy, manage, or troubleshoot any PKI environment. The authors begin by presenting the foundations of PKI, giving readers the theoretical background they need to understand its mechanisms. Next, they move to high-level design considerations, guiding readers in making the choices most suitable for their own environments. The authors share best practices and experiences drawn from production customer deployments of all types. They organize a series of design "modules" into hierarchical models which are then applied to comprehensive solutions. Readers will be introduced to the use of PKI in multiple environments, including Cisco router-based DMVPN, ASA, and 802.1X. The authors also cover recent innovations such as Cisco GET VPN. Throughout, troubleshooting sections help ensure smooth deployments and give readers an even deeper "under-the-hood" understanding of their implementations.


Table of Contents

Part 1: Core Concepts

1. Crypto Refresh

2. PKI Building Blocks

3. Processes and Procedures

4. Chapter: Troubleshooting

Part 2: Design and Solutions

5. Generic PKI designs

6. Integration in large scale site-to-site VPN solutions

7. Integration in remote access VPN solutions

8. Integration in Voice over IP solutions

9. Other usages of PKI (to be changed)

10. Case studies

11. VPN

12. Deploying PKI using management tools


Customer Reviews

Showing all of 4 Customer Reviews
  • Anonymous

    Posted June 24, 2012

    Excellent PKI Implementation Overview

    I obtained PKI Uncovered at the Sonoran Desert Security Users Group (SDSUG) meeting since I am in the process of implementing a PKI solution. While the book is relatively small, 253 pages, it is a valuable resource for anyone implementing PKI.

    The book is composed of 3 parts: Core Concepts, Design Solutions and Case Studies. If you are a security person, Chapters 1 through 3 of Part 1 Core Concepts are a good refresher but can be skipped. It covers the importance of using PKI; provides a brief crypto refresher; lays out the hierarchy of certification authorities (CA); and lastly describes the PKI processes including certificate enrollment, expiration, renewal, verification and enforcement. Chapter 4 of Part 1 Core Concepts provides detailed troubleshooting guidance related to key generation, the enrollment process as well as certificates in use. The flow charts at the end of the chapter are excellent and I have dog-eared them since they come in handy.

    The meat of this book is Part 2, Design Solutions and is the must read part of this book. It begins with a generic model that the other chapters build on. Chapter 6 concentrates on the configuration and troubleshooting of DMVPN and GETVPN. Chapter 7 gives a good explanation of deploying IPSec VPN using Cisco ASA. Chapter 8 brings in 802.1x certificates using EAP-TLS for identity based networking. Chapter 9 discusses the topic of Unified Communications and shows how to link the different certificates in IP-telephony and management servers by using a Certificates Trusted List file.

    Part 3 contains two case studies: one examines PKI in a Cisco virtual private office scenario; and the other using Cisco Security Manager to deploy VPNs with PKI.

    PROS: Provides the basic concepts behind PKI technologies with CISCO configuration examples. Troubleshooting sections are well written. Another excellent book from CISCO press.

    CONS: All examples are only useful for CISCO IOS devices and do not address other popular solutions such as Microsoft PKI. A glossary of terms would be beneficial.

  • Posted May 26, 2011

    another good book from the talented cadre of Cisco Press authors

    PKI Uncovered

    An implementation guide, the book is suitable for PKI implementation or support engineers, security architects, security engineers and security solution integrators. While accessible to security executives and perhaps CIOs, its primary audience is security solution implementers.

    Organized into three categories, and eleven chapters, the 245 page book provides a cursory overview of PKIs and the underlying technologies including encryption, digital certificates and digital signatures; a set of design guidelines and procedures as well as two cogent case studies.

    Chapter one is a thirteen page refresher of what the authors consider pertinent "crypto refresh" where they present the basis for encryption as confidentiality, integrity and non-repudiation and a broad scan of symmetric and asymmetric encryption, hashes, digital signature and internet key exchanges. For an in-depth or even intermediate review of these topics, you must consult other sources.

    Chapter two lays out the core components or building blocks of a PKI: certificates and their basic structure, certificate authority aka CA, registration authority or RA, certificate storage in various devices and systems, and endpoint entities. In chapter three, the authors describe some essential PKI processes, including certificate enrollment, expiration and renewal, verification and enforcement, as well as the concept of PKI system resiliency. Additional topics include certificate revocation, certificate rollover and integration with a AAA server. The last chapter of the core concept section, chapter four, focuses on troubleshooting - from troubleshooting issues related to the encryption keys, to the enrollment process as well as certificates in use. While the design guidelines are mostly generic, the commands are only useful for Cisco IOS devices. Many enterprise PKI solutions will rely on Microsoft PKI (in Windows Servers) or OpenSSL-based solutions on *NIX systems. The commands will of course be different. Also, the recommendation on database storage on an FTP server may not provide the most robust solution for security and resiliency.

    Chapters seven through nine address several design and deployment solutions from a review of generic PKI designs (chapter 5), to various integration options (chapter 6: large scale site-to-site VPN; chapter 7: remote access VPN; chapter 8: 802.1x certificate and identity based networking; and chapter 9: unified communications).

    The last section presents two case studies: one highlighting PKI in a Cisco virtual private office scenario; and the other in using Cisco Security Manager to configure VPNs with PKIs.

    This is another good book from the talented cadre of Cisco Press authors. The authors demonstrated expertise flair on the requisite cis

  • Posted March 8, 2011

    certificate management

    The book starts off with a quick chapter on the qualitative features of Public Key Infrastructure [PKI]. There is no maths in the entire text. Deliberately so, as this factors out the administrative issues in managing a PKI implementation, and pushes the maths deep into the underlying packages. Hopefully, you have encountered the ideas in asymmetric encryption elsewhere, because if this is the first time, chapter 1's walkthrough might seem rather mysterious.

    Going further into the book, you can see that Cisco's PKI offering revolves around the management of certificates and their associated private and public key pairs. You should carefully look at the example of a certificate on page 17. While it can seem daunting at first, try to understand as many of the example's lines ['fields'] as possible. It is meant to be human readable, and if you are going to administer a network where these are used, you should regard the understanding as part of your duties. In the context of Cisco, the follow on examples on pages 30-33 illustrate more fields specific to their implementation.

    Chapter 4 on troubleshooting may be the most useful to you on an ongoing basis, once you have PKI running. It mostly revolves around certificate management and about checking that you have a valid PKI hierarchy.

    Later chapters describe more specialised though still important cases. Of these, perhaps the use of Cisco's PKI in a virtual private network is the most significant. If your situation needs a VPN for its privacy and security, then maintaining correct PKI usage can be vital.

    Chapter 10 on the Cisco Virtual Office seems very abbreviated, inasmuch as it relates to PKI. You might want to check out other more extensive documentation on CVO.

  • Anonymous

    Posted November 19, 2010

    No text was provided for this review.
