nodeserver2003
server2003 时间:2021-03-29 阅读:()
InstallingandConfiguringaWindowsServer2003EnterpriseCertificationAuthorityCertificationAuthoritiescanissuecertificatestousersandcomputersforavarietyofpurposes.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
- nodeserver2003相关文档
- andNTLMv2authenticationserver2003
- applicationserver2003
- toolsCoreserver2003
- 集群server2003
- 安装项目1 Windows Server2003安装与网络配置
- 服务器Windows Server2003配置
UCloud云服务器低至年59元
最近我们是不是在讨论较多的是关于K12教育的问题,培训机构由于资本的介入确实让家长更为焦虑,对于这样的整改我们还是很支持的。实际上,在云服务器市场中,我们也看到内卷和资本的力量,各大云服务商竞争也是相当激烈,更不用说个人和小公司服务商日子确实不好过。今天有看到UCloud发布的夏季促销活动,直接提前和双十一保价挂钩。这就是说,人家直接在暑假的时候就上线双十一的活动。早年的双十一活动会提前一周到十天...
racknerd新上架“洛杉矶”VPS$29/年,3.8G内存/3核/58gSSD/5T流量
racknerd发表了2021年美国独立日的促销费用便宜的vps,两种便宜的美国vps位于洛杉矶multacom室,访问了1Gbps的带宽,采用了solusvm管理,硬盘是SSDraid10...近两年来,racknerd的声誉不断积累,服务器的稳定性和售后服务。官方网站:https://www.racknerd.com多种加密数字货币、信用卡、PayPal、支付宝、银联、webmoney,可以付...
Ftech:越南vps,2核/2G/20G SSD/1Gbps不限流量/可安装Windows系统,$12.5月
ftech怎么样?ftech是一家越南本土的主机商,成立于2011年,比较低调,国内知道的人比较少。FTECH.VN以极低的成本提供高质量服务的领先提供商之一。主营虚拟主机、VPS、独立服务器、域名等传统的IDC业务,数据中心分布在河内和胡志明市。其中,VPS提供1G的共享带宽,且不限流量,还可以安装Windows server2003/2008的系统。Ftech支持信用卡、Paypal等付款,但...
server2003为你推荐
-
vc组合洛天依的组合都有谁美国互联网瘫痪美国网络大瘫痪到底是怎么发生的h连锁酒店什么连锁酒店好嘀动网手机一键通用来干嘛呢?同ip网站一个域名能对应多个IP吗同ip域名什么是同主机域名lcoc.top服装英语中double topstitches什么意思汴京清谈求好看的鼠猫文~月风随笔赏月之后的情感?语文随笔200-400字彪言彪语寻找一个电影和里面的一首歌,国产的,根据真实故事改编的校园爱情电影,里面的男主角是个屌丝但很会弹钢