Click "Add Roles".
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image001 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192211264389.png "alt=" clip_image001 "height=" 379 "border=" 0 "width="/> "
Select Active Directory Certificate Services.
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image002 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192211314328.png "alt=" clip_image002 "height=" 382 "border=" 0 "width=" 516 "/>
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image003 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/20120919221135886.png "alt=" clip_image003 "height=" 385 "border=" 0 "width=" 520 "/>
When you select certification authority Web enrollment, you are prompted to add the required role services.
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image004 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/20120919221138627.png "alt=" clip_image004 "height=" 226 "border=" 0 "width=" 467 "/>
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image005 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192211426596.png "alt=" clip_image005 "height=" 378 "border=" 0 "width=" 511 "/>
Select the Enterprise CA.
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image006 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192211459783.png "alt=" clip_image006 "height=" 384 "border=" 0 "width=" 519 "/>
Select "Root CA".
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image007 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/20120919221149703.png "alt=" clip_image007 "height=" 385 "border=" 0 "width=" 520 "/>
Select "New Private Key".
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image008 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192211546804.png "alt=" clip_image008 "height=" 387 "border=" 0 "width=" 523 "/>
Select "Next".
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image009 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192211595663.png "alt=" clip_image009 "height=" 390 "border=" 0 "width=" 527 "/>
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image010 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192212034141.png "alt=" clip_image010 "height=" 394 "border=" 0 "width=" 533 "/>
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image011 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192212071538.png "alt=" clip_image011 "height=" 397 "border=" 0 "width=" 537 "/>
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image012 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192212116635.png "alt=" clip_image012 "height=" 401 "border=" 0 "width=" 542 "/>
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image013 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192212173118.png "alt=" clip_image013 "height=" 407 "border=" 0 "width=" 550 "/>
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image014 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192212221138.png "alt=" clip_image014 "height=" 413 "border=" 0 "width=" 558 "/>
Start the installation.
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image015 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/20120919221228337.png "alt=" clip_image015 "height=" 415 "border=" 0 "width=" 561 "/>
The CA installation is complete.
650) this.width=650; "Style=" background-image:none;padding-left:0px;padding-right:0px;padding-top:0px;border:0px ; "title=" clip_image016 "src=" Http://images.cnblogs.com/cnblogs_com/sunscz/201209/201209192212333689.png "alt=" clip_image016 "height=" 419 "border=" 0 "width=" 568 "/>
In this section, we completed the domain control server creation of the domain and the operation to create the CA.
A certificate has two functions:
The first is to prove the identity of the remote computer.
The second function is to encrypt the transmission, encrypted transmission is to protect our data in the Internet transmission of a way, so that our password will not be in the Internet network in clear text transmission, can be very effective to prevent password theft, the user to steal.
We also need to export the certificate Authority root certificate that we set up in our domain so that we can import the exported root certificate into a non-domain user's computer to trust our Lync server in the future, thus using Lync features normally.
We click "Start" on the DC and enter CertMgr in the search bar.
650) this.width=650; "src=" http://img1.51cto.com/attachment/201203/210213581.png "border=" 0 "/>
Then, in the Open Certificates snap-in, expand Trusted Root Certification Authorities, and then locate the Contoso CA certificate that we built, right-select all Tasks-Export
650) this.width=650; "src=" http://img1.51cto.com/attachment/201203/210213770.png "border=" 0 "/>
The Certificate Export Wizard will open and we'll use this wizard to export the certificate authority's root certificate, and we'll click Next.
650) this.width=650; "src=" http://img1.51cto.com/attachment/201203/210644518.png "border=" 0 "/>
Here you need to choose the format to use, respectively. CER and. P7B, these formats are all possible, in most cases we choose P7B.
650) this.width=650; "src=" http://img1.51cto.com/attachment/201203/210644517.png "border=" 0 "/>
Then we need to specify a location and file name to hold the exported root certificate.
650) this.width=650; "src=" http://img1.51cto.com/attachment/201203/210644688.png "border=" 0 "/>
Click Next to confirm the confirmation screen and click Finish to export the certificate.
650) this.width=650; "src=" http://img1.51cto.com/attachment/201203/210658575.png "border=" 0 "/>
We keep the exported certificates safe for later import into external users and non-domain-joined computers.
This article is from the It DreamWorks blog, so be sure to keep this source http://fly520.blog.51cto.com/2181586/1694263
CA Certificate Service setup for Lync 2010 Standard Edition (III)