nodeserver2003
server2003 时间:2021-03-29 阅读:()
InstallingandConfiguringaWindowsServer2003EnterpriseCertificationAuthorityCertificationAuthoritiescanissuecertificatestousersandcomputersforavarietyofpurposes.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
InthecontextoftheISAServer2000ExchangeServer2000/2003DeploymentKit,certificatescanbeusedfor:ClientauthenticationbytheWebProxyserviceontheISAServerfirewallUserauthenticationbyanOWAuseronaremotenetworkCreatinganSSLlinkbetweentheOWAclientandIncomingWebRequestslistenerCreatinganSSLlinkbetweentheinternalinterfaceoftheISAServerfirewallandtheOWAsiteontheinternalnetworkAllowingcertificateauthenticationforanIPSectransportmodeconnectionbetweenafront-endandback-endExchangeServerSecureSMTP/POP3/IMAP4/NNTPconnectionstotheExchangeServerAMicrosoftCertificateServercantakeononeoffourroles:EnterpriseRootCAEnterpriseSubordinateCAStand-aloneRootCAStand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomainTheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesnodeforallusersandcomputersinthedomainUsercertificatescanbeissuedthatallowuserstologontotheActiveDirectorydomainusingcomputer-storedcertificatesorcertificatesinstalledonSmartCardsUsercertificatesandtheCertificateRevocationList(CRL)arestoredintheActiveDirectoryIncontrasttostand-aloneCAs,anenterpriseCAissuescertificatesviacertificatetemplatesthatcanbeaddedandcustomizedbytheCAadministratorIncontrasttothestand-aloneCA,theenterpriseCAconfirmsthecredentialsoftheuserrequestingacertificateThesubjectname(thenameoftheuserorcomputer)onthecertificatecanbeenteredmanuallyorautomaticallyWerecommendthatyouinstallanEnterpriseCAif:YouhaveanActiveDirectorydomain,and/orYourequireautomaticdeploymentofcertificatestousersandcomputersTheenterpriseCAistheidealsolutionforanynetworkwithaWindows2000orWindowsServer2003domain.
AlldomainmemberscanbeassignedcertificatesviaGroupPolicybasedcertificateautoenrollment.
Youcanlimitthescopeofautoenrollmentbyassigningpermissionstothecertificatetemplateusedforautoenrollment.
UsersandcomputersthatarenotdomainmemberscanusetheWebenrollmentsitetoobtaincertificates.
IfyouwanttosupportcertificateenrollmentviaWebenrollmentsite,thenyoumustinstalltheInternetInformationServicesWorldWideWebservicebeforeinstallingMicrosoftCertificateServices.
InthisISAServer2000ExchangeServer2000/2003DeploymentKitdocumentwecoverthefollowingprocedures:InstallingtheInternetInformationServices6.
0WorldWideWebservice(W3SVC)tosupporttheenterpriseCAWebenrollmentsiteInstallingtheWindowsServer2003CertificateServicesonadomaincontroller.
TheCAisinstalledasanenterpriseCA.
Note:YoucaninstallanenterpriseCAonanydomainmember.
Themachinedoesnotneedtobeadomaincontroller.
InstallingMicrosoftInternetInformationServicesWorldWideWebServicePerformthefollowingstepstoinstallIIS6.
0ontheWindowsServer2003memberserverordomaincontrollercomputerthatwillbetheenterpriseCA:ClickStart,pointtoControlPanelandclickAddorRemovePrograms.
ClicktheAdd/RemoveWindowsComponentsbuttonintheAddorRemoveProgramswindow(figure1).
Figure1OntheWindowsComponentswindow,clickontheApplicationServerentryandclicktheDetailsbutton(figure2).
Figure2OntheApplicationServerpage,clickontheInternetInformationServices(IIS)entryandclicktheDetailsbutton(figure3).
Figure3IntheInternetInformationService(IIS)dialogbox,putacheckmarkintheWorldWideWebServicecheckboxandclickOK(figure4).
Figure4ClickOKontheApplicationServerdialogbox(figure5).
Figure5ClickNextontheWindowsComponentsdialogbox(figure6).
Figure6ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure7).
Figure7InstallingMicrosoftCertificateServicesPerformthefollowingstepstoinstallandconfigureanenterpriseCAonaWindowsServer2003computer:Note:YoumustinstalltheenterpriseCAonamemberserverordomaincontrolleronyourinternalnetwork.
Atamemberserverordomaincontrollerinyourinternalnetwork,logonasadomainadministrator.
ClickStart,pointtoControlPanelandclickAdd/RemovePrograms.
IntheAddorRemoveProgramswindow(figure8),clicktheAdd/RemoveWindowsComponentsbutton.
Figure8IntheWindowsComponentsdialogbox(figure9),clickontheCertificateServicesentryandclicktheDetailsbutton.
Figure9IntheCertificateServicesdialogbox,putacheckmarkintheCertificateServicesCAcheckbox(figure10).
AMicrosoftCertificateServicesdialogboxappearsandinformsyouthatyoucannotchangethemachinenameorthedomainmembershipofthemachinewhileitactsasacertificateserver.
ReadtheinformationinthedialogboxandclickYes.
Figure10BoththeCertificateServicesCAandCertificateServicesWebEnrollmentSupportcheckboxesarechecked(figure11).
ClickOKintheCertificateServicesdialogbox.
Figure11ClickNextintheWindowsComponentsdialogbox(figure12).
Figure12SelecttheEnterpriserootCAoptionontheCATypepage(figure13).
ClickNext.
Figure13OntheCAIdentifyingInformationpage(figure14),typeinaCommonnameforthisCA.
ThecommonnameoftheCAistypicallytheDNShostnameorNetBIOSname(computername)ofthemachinerunningCertificateServices.
Inthisexample,thenameofthemachineisWIN2003DC,soweenterWIN2003DCintheCommonnameforthisCAtextbox.
ThedefaultValidityPeriodoftheCA'sself-signedcertificateis5years.
Acceptthisdefaultvalueunlessyouhaveareasontochangeit.
ClickNext.
Figure14OntheCertificateDatabaseSettingspage(figure15),usethedefaultlocationsfortheCertificateDatabaseandCertificateDatabaseLog.
YoudonotneedtospecifyasharedfoldertostoreconfigurationinformationbecausethisinformationwillbestoredintheActiveDirectory.
ClickNext.
Figure15ClickYesontheMicrosoftCertificateServicesdialogbox(figure16)informingyouInternetInformationServicesmustbetemporarilystopped.
Figure16ClickYesontheMicrosoftCertificateServicesdialogbox(figure17)informingyouActiveServerPagesmustbeenabledonIISifyouwishtousetheCertificateServicesWebenrollmentsite.
Figure17ClickFinishontheCompletingtheWindowsComponentsWizardpage(figure18).
Figure18ClosetheAddorRemoveProgramswindow.
TheEnterpriseCertificateAuthorityisnowinstalledandcanissuecertificateswithoutrequiringamachinerestart.
- nodeserver2003相关文档
- andNTLMv2authenticationserver2003
- applicationserver2003
- toolsCoreserver2003
- 集群server2003
- 安装项目1 Windows Server2003安装与网络配置
- 服务器Windows Server2003配置
快云科技:夏季大促销,香港VPS7.5折特惠,CN2 GIA线路; 年付仅不到五折巨惠,续费永久同价
快云科技怎么样?快云科技是一家成立于2020年的新起国内主机商,资质齐全 持有IDC ICP ISP等正规商家。我们秉承着服务于客户服务于大众的理念运营,机器线路优价格低。目前已注册用户达到5000+!主营产品有:香港弹性云服务器,美国vps和日本vps,香港物理机,国内高防物理机以及美国日本高防物理机!产品特色:全配置均20M带宽,架构采用KVM虚拟化技术,全盘SSD硬盘,RAID10阵列, 国...
无忧云:洛阳BGP云服务器低至38.4元/月起;雅安高防云服务器/高防物理机优惠
无忧云怎么样?无忧云,无忧云是一家成立于2017年的老牌商家旗下的服务器销售品牌,现由深圳市云上无忧网络科技有限公司运营,是正规持证IDC/ISP/IRCS商家,主要销售国内、中国香港、国外服务器产品,线路有腾讯云国外线路、自营香港CN2线路等,都是中国大陆直连线路,非常适合免备案建站业务需求和各种负载较高的项目,同时国内服务器也有多个BGP以及高防节点。一、无忧云官网点击此处进入无忧云官方网站二...
【IT狗】在线ping,在线tcping,路由追踪
IT狗为用户提供 在线ping、在线tcping、在线路由追踪、域名被墙检测、域名被污染检测 等实用工具。【工具地址】https://www.itdog.cn/【工具特色】1、目前同类网站中,在线ping 仅支持1次或少量次数的测试,无法客观的展现目标服务器一段时间的网络状况,IT狗Ping工具可持续的进行一段时间的ping测试,并生成更为直观的网络质量柱状图,让用户更容易掌握服务器在各地区、各线...
server2003为你推荐
-
月神谭求古典武侠类的变身小说~!百度关键词分析关键词怎么分析?www.yahoo.com.hk香港有什么有名的娱乐门户网站吗?网站检测如何进行网站全面诊断www.44ri.comwww.yydcsjw.com336.com求一个游戏的网站 你懂得ip查询器查看自己IP的指令baqizi.cc孔融弑母是真的吗?www.15job.com广州天河区的南方人才市场www.mfav.orgwww.osta.org.cn国家职业资格证书全国联网查询,为什么随便输入什么都可以查,都要验证码