Structure of this experiment
Create a domain environment (yangwj.com) and a certificate authority on sever-2.
Apply for a server certificate for the web server on sever-2 and bind it to https
1. Find the server certificate.
2. Use the wizard to complete the server certificate application.
Note that the common name is very important. The client uses this name to access the website over https.
3. Perform the other steps and complete the first phase.
4. Open the IE browser for the second stage of the application.
5. Select the advanced application and then use the encoding format.
6. Copy the encoded content of the file created earlier in Notepad and select the web server certificate.
7. After the request is submitted, download the certificate and return to the earlier wizard to complete the certificate application.
Select the downloaded certificate file and give it a memorable name.
8. Finally, bind the certificate.
Add sever-1 to the yangwj.com domain, and then install the DirectAccess feature.
What do I need to do before configuring DirectAccess?
1. In the advanced firewall, enable the IPv6 outbound and inbound rules.
2. Two IPv4 addresses must be configured on the NIC of sever-1.
3. Add a DNS suffix to the NIC of sever-1.
4. Apply for a computer certificate.
5. Create a group for DirectAccess connections and add users to it.
Start configuring DirectAccess
1. Add the group for connection management.
2. Start configuration Step 2.
3. Enter the trusted root certificate and the computer certificate.
4. Go to Step 3 to verify the network server.
For the verification to succeed, a certificate must have been applied for and bound to the web server on sever-2, and the name sever-2.yangwj.com must resolve to that server.
5. Configure the IPv6 DNS server address (you can change it to IPv4 yourself).
6. Manually enter the IPv4 address and verify it.
7. Configure the IP address of the server that can manage DirectAccess.
8. Manually configure the server IP address.
9. The last step is Step 4. You can keep the default values.
10. Click Finish and apply.
Client settings
1. Apply for a user certificate (use the wizard and complete it).
2. Download the revocation list and import it.
3. Before the revocation list can be downloaded on the client, you must specify the CRL distribution point and the Authority Information Access on the certificate authority.
4. Check the revocation list after installing it on the client.
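One way to check, from the client, the two points this walkthrough stresses: the certificate's common name and whether the revocation list can actually be retrieved. This is an added example, not part of the original post; the export path is a hypothetical location, and the script assumes the web server certificate from sever-2 has been saved there as a .cer file.

```powershell
# Added example (not from the original post). Run on the DirectAccess client.
param(
    [string]$CertPath     = 'C:\temp\sever-2.cer',   # hypothetical export location
    [string]$ExpectedName = 'sever-2.yangwj.com'     # name the client uses over https
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" $CertPath

# 1. The common name must match the name the client uses to reach the site.
$cn = $cert.GetNameInfo('SimpleName', $false)
if ($cn -ne $ExpectedName) {
    Write-Warning "Common name '$cn' does not match '$ExpectedName'"
}

# 2. Print the CRL distribution point (2.5.29.31) and the Authority
#    Information Access (1.3.6.1.5.5.7.1.1) extensions the CA stamped in.
$wanted = '2.5.29.31', '1.3.6.1.5.5.7.1.1'
foreach ($ext in $cert.Extensions) {
    if ($wanted -contains $ext.Oid.Value) {
        "--- $($ext.Oid.FriendlyName) ---"
        $ext.Format($true)
    }
}

# 3. Build the chain and force an online revocation check, so a CRL that
#    cannot be downloaded shows up as a failure instead of being skipped.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'

if ($chain.Build($cert)) {
    "Chain and revocation check succeeded for $cn"
} else {
    foreach ($s in $chain.ChainStatus) {
        '{0}: {1}' -f $s.Status, $s.StatusInformation.Trim()
    }
}
```

A status of RevocationStatusUnknown or OfflineRevocation means the client could not fetch the CRL from the distribution point; UntrustedRoot means the CA root certificate is not in the client's trusted root store.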
Client setup complete
Client verification
Remarks: For some reason the client has not been verified successfully, and the last time it was verified by accident. The network environment I set up is not as complex as the Internet, which may be one of the reasons. It is also based on IPv6, and I don't have an IPv6 application to test it with. In the network structure I built, the web server that verifies the client is placed on the domain controller, which may have some impact. Note that the most important thing is access to the revocation list: if that configuration is unsuccessful, you cannot connect to the company's intranet. In addition, this experiment can be used together with Microsoft's UAG products. However, for various reasons, I will have to wait a while to complete this experiment.
I am now a sophomore and still have two years to complete it, but time feels very tight: I have to learn C/C++, Java and C# by myself. Although my major is the network engineering architecture and server management series, the teachers do not talk about this, so in general I still rely on my own learning. There will therefore still be deficiencies in some of the configuration techniques. I hope we can study and improve them together. Articles on the Internet do not describe this fully, which makes it difficult to understand, so I have made every step very detailed. I hope this helps you.