nodeserver2003
server2003 时间:2021-03-29 阅读:()
InstallingandConfiguringaWindowsServer2003EnterpriseCertificationAuthorityCertificationAuthoritiescanissuecertificatestousersandcomputersforavarietyofpurposes.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
- nodeserver2003相关文档
- andNTLMv2authenticationserver2003
- applicationserver2003
- toolsCoreserver2003
- 集群server2003
- 安装项目1 Windows Server2003安装与网络配置
- 服务器Windows Server2003配置
提速啦(69元起)香港大带宽CN2+BGP独享云服务器
香港大带宽服务器香港大带宽云服务器目前市场上可以选择的商家十分少,这次给大家推荐的是我们的老便宜提速啦的香港大带宽云服务器,默认通用BGP线路(即CN2+BGP)是由三网直连线路 中国电信骨干网以及HGC、NTT、PCCW等国际线路混合而成的高品质带宽(精品带宽)线路,可有效覆盖全球200多个国家和地区。(适用于绝大部分应用场景,适合国内外访客访问,域名无需备案)提速啦官网链接:点击进入香港Cer...
青云互联:美国洛杉矶CN2弹性云限时八折,15元/月起,可选Windows/可自定义配置
青云互联怎么样?青云互联是一家成立于2020年6月的主机服务商,致力于为用户提供高性价比稳定快速的主机托管服务,目前提供有美国免费主机、香港主机、香港服务器、美国云服务器,让您的网站高速、稳定运行。美国cn2弹性云主机限时8折起,可选1-20个IP,仅15元/月起,附8折优惠码使用!点击进入:青云互联官方网站地址青云互联优惠码:八折优惠码:ltY8sHMh (续费同价)青云互联活动方案:美国洛杉矶...
GigsGigsCloud:$16/月KVM-1GB/30GB/1TB/1.6T高防/洛杉矶CN2 GIA+AS9929
GigsGigsCloud是一家成立于2015年老牌国外主机商,提供VPS主机和独立服务器租用,数据中心包括美国洛杉矶、中国香港、新加坡、马来西亚和日本等。商家VPS主机基于KVM架构,绝大部分系列产品中国访问速度不错,比如洛杉矶机房有CN2 GIA、AS9929及高防线路等。目前Los Angeles - SimpleCloud with Premium China DDOS Protectio...
server2003为你推荐
-
云爆发什么是蒸汽云爆炸?要具备那些条件?摩根币摩根币到底是什么是不是骗局Baby被问婚变绯闻终于知道黄晓明为什么会娶baby中老铁路中长铁路的铁路的新中国历史22zizi.comwww 地址 didi22怎么打不开了,还有好看的吗>com百花百游百花百游的五滴自游进程www.522av.com在白虎网站bhwz.com看电影要安装什么播放器?www.sesehu.comwww.121gao.com 是谁的网站啊百度指数词为什么百度指数里有写词没有指数,还要购买www.kknnn.com求有颜色的网站!要免费的