nodeserver2003
server2003 时间:2021-03-29 阅读:()
InstallingandConfiguringaWindowsServer2003EnterpriseCertificationAuthorityCertificationAuthoritiescanissuecertificatestousersandcomputersforavarietyofpurposes.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
- nodeserver2003相关文档
- andNTLMv2authenticationserver2003
- applicationserver2003
- toolsCoreserver2003
- 集群server2003
- 安装项目1 Windows Server2003安装与网络配置
- 服务器Windows Server2003配置
PQ.hosting全线9折,1Gbps带宽不限流量VPS/€3/月,全球11大机房可选
Hostadvice主机目录对我们的服务进行了测试,然后给PQ.hosting颁发了十大WordPress托管奖。为此,宣布PQ.Hosting将在一周内进行折扣优惠,购买和续订虚拟服务器使用优惠码:Hostadvice ,全部优惠10%。PQ.hosting,国外商家,成天于2019年,正规公司,是全球互联网注册商协会 RIPE 的成员。主要是因为提供1Gbps带宽、不限流量的基于KVM虚拟的V...
PacificRack:洛杉矶KVM月付1.5美元起,1G内存套餐年付12美元起
PacificRack在本月发布了几款特价产品,其中最低款支持月付仅1.5美元,基于KVM架构,洛杉矶机房,PR-M系列。PacificRack简称PR,QN机房旗下站点,主要提供低价VPS主机产品,基于KVM架构,数据中心为自营洛杉矶机房,现在只有PR-M一个系列,分为了2个类别:常规(Elastic Compute Service)和多IP产品(Multi IP Server)。下面列出几款秒...
快快云:香港沙田CN2/美国Cera大宽带/日本CN2,三网直连CN2 GIA云服务器和独立服务器
快快云怎么样?快快云是一家成立于2021年的主机服务商,致力于为用户提供高性价比稳定快速的主机托管服务,快快云目前提供有香港云服务器、美国云服务器、日本云服务器、香港独立服务器、美国独立服务器,日本独立服务器。快快云专注为个人开发者用户,中小型,大型企业用户提供一站式核心网络云端服务部署,促使用户云端部署化简为零,轻松快捷运用云计算!多年云计算领域服务经验,遍布亚太地区的海量节点为业务推进提供强大...
server2003为你推荐
-
微信回应封杀钉钉微信大封杀什么时候结束微信回应封杀钉钉微信发过来的钉钉链接打不开?地图应用看卫星地图哪个手机软件最好。嘀动网动网和爱动网各自的优势是什么?网站检测如何进行网站全面诊断www.5ff.comhttp://www.940777.com/网站,是不是真的网投六合www.mywife.ccmywife哪部最经典www.kaspersky.com.cn卡巴斯基中国总部设立在?bbs2.99nets.com让(bbs www)*****.cn进入同一个站66smsm.comffff66com手机可以观看视频吗?