nodeserver2003
server2003 时间:2021-03-29 阅读:()
InstallingandConfiguringaWindowsServer2003EnterpriseCertificationAuthorityCertificationAuthoritiescanissuecertificatestousersandcomputersforavarietyofpurposes.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
- nodeserver2003相关文档
- andNTLMv2authenticationserver2003
- applicationserver2003
- toolsCoreserver2003
- 集群server2003
- 安装项目1 Windows Server2003安装与网络配置
- 服务器Windows Server2003配置
HostKvm($4.25/月)俄罗斯/香港高防VPS
HostKvm又上新了,这次上架了2个线路产品:俄罗斯和香港高防VPS,其中俄罗斯经测试电信CN2线路,而香港高防VPS提供30Gbps攻击防御。HostKvm是一家成立于2013年的国外主机服务商,主要提供基于KVM架构的VPS主机,可选数据中心包括日本、新加坡、韩国、美国、中国香港等多个地区机房,均为国内直连或优化线路,延迟较低,适合建站或者远程办公等。俄罗斯VPSCPU:1core内存:2G...
DiyVM独立服务器:香港沙田服务器,5M带宽CN2线路,L5630*2/16G内存/120G SSD硬盘,499元/月
diyvm怎么样?diyvm商家VPS主机均2GB内存起步,三个地区机房可选,使用优惠码后每月69元起;DiyVM独立服务器开设在香港沙田电信机房,CN2线路,5M带宽,自动化开通上架,最低499元/月,配置是L5630*2/16G内存/120G SSD硬盘。DiyVM是一家成立于2009年的国人主机商,提供的产品包括VPS主机、独立服务器租用等,产品数据中心包括中国香港、日本大阪和美国洛杉矶等,...
iON Cloud七月促销适合稳定不折腾的用户,云服务器新购半年付8.5折,洛杉矶/圣何塞CN2 GT线路,可选Windows系统
iON Cloud怎么样?iON Cloud今天发布了7月份优惠,使用优惠码:VC4VF8RHFL,新购指定型号VPS半年付或以上可享八五折!iON的云服务器包括美国洛杉矶、美国圣何塞(包含了优化线路、CN2 GIA线路)、新加坡(CN2 GIA线路、PCCW线路、移动CMI线路)这几个机房或者线路可供选择,有Linux和Windows系统之分,整体来说针对中国的优化是非常明显的,机器稳定可靠,比...
server2003为你推荐
-
外挂购买外挂什么意思permissiondenied求问permission denied是什么意思啊?特朗普取消访问丹麦特朗普访华后还会去那里?商标注册流程及费用我想注册商标一般需要什么流程和费用?甲骨文不满赔偿劳动法员工工作不满一个月辞退赔偿标准7788k.com以前有个网站是7788MP3.com后来改成KK130现在又改网站域名了。有知道现在是什么域名么?地陷裂口天上顿时露出一个大窟窿地上也裂开了,一到黑幽幽的深沟可以用什么四字词语来?百花百游迎得春来非自足,百花千卉共芬芳什么意思www.bbb551.com广州欢乐在线551要收费吗?javlibrary.com大家有没有在线图书馆WWW。QUESTIA。COM的免费帐号