[Explaining 1] Windows Server CAs

Source: Internet
Author: User

1 Environment Preparation

One DC and one client (workgroup environment).

Install the DNS and IIS services on DC8 so that it also acts as a web server.

Create a new default page and check it at http://localhost

Add a host record in DNS.

On the client, point DNS at the DNS server (DC8), then access http://web.labca.com

2 Installing the CA

Tick Active Directory Certificate Services (despite the name, do not assume that Certificate Services must be linked to AD).

Tick Certification Authority Web Enrollment.

Workgroup Environment

3 Configuring a certificate for the website

3.1 Requesting a certificate on IIS

Export the certificate request information.

3.2 Accessing the CA Issuance Web page

Select "Request a certificate"

Submit an Advanced certificate request

Copy in the Base64-encoded request information that was just generated.

In a workgroup environment, an administrator has to issue the certificate manually, because the machines do not trust each other.

Of course, administrators can also revoke certificates

3.3 Downloading and viewing certificates

Go back to the home page and click "View the status of a pending certificate request".

Download the issued certificate. The certificate can be thought of as a tool: it still has to be bound to an application or website.

3.4 Binding the certificate

Go back to the IIS console and select "Complete Certificate Request".

This produces an error, because in a workgroup environment we first have to trust this authority.

Download the certificate chain; this certificate is used to establish trust.

Add the trusted certificate locally.

Import the certificate in *.p7b format.

Once more, select "Complete Certificate Request".

Check the status of the certificate

Add a certificate to a Web site

On the Win7 client, open https://web.labca.com

Why the error? It indicates that the Win7 client does not trust this authority.

Next, change the settings so that the Win7 client trusts the DC8-CA authority.

If the download is slow on the Win7 client, you can turn off the SmartScreen Filter.

The site now opens without an error.
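
The GUI steps of sections 2 to 3.4, scripted with the built-in tools, as an added example that is not part of the original article. It assumes Windows Server 2012 or later on DC8, a standalone root CA, the IIS site name `Default Web Site`, and placeholder file names and RequestId; the subject alternative name in the request is also an addition, since current browsers match the host name against it.

```powershell
# --- On DC8, elevated PowerShell (assumes Windows Server 2012 or later) ---
# Section 2: standalone CA (no AD needed) plus the web enrollment pages
Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType StandaloneRootCA -CACommonName 'DC8-CA' -Force
Install-AdcsWebEnrollment -Force

# Section 3.1: create the key pair and the Base64 (PKCS#10) request for the site
@'
[Version]
Signature = "$Windows NT$"
[NewRequest]
Subject = "CN=web.labca.com"
KeyLength = 2048
MachineKeySet = TRUE
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=web.labca.com"
'@ | Set-Content web.inf -Encoding ASCII
certreq -new web.inf web.req

# Section 3.2: submit; a standalone CA leaves the request pending and prints a RequestId
certreq -submit -config 'DC8\DC8-CA' web.req
$id = 2    # placeholder: use the RequestId printed by the previous command
certutil -config 'DC8\DC8-CA' -resubmit $id      # administrator issues it manually

# Sections 3.3/3.4: fetch the certificate and the CA certificate, trust the CA, finish
certreq -retrieve -config 'DC8\DC8-CA' $id web.cer
certutil -config 'DC8\DC8-CA' -ca.cert dc8-ca.cer
certutil -addstore Root dc8-ca.cer               # trust the issuing authority first
certreq -accept web.cer                          # "Complete Certificate Request"

# Bind the certificate to the site on port 443
Import-Module WebAdministration
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object Subject -eq 'CN=web.labca.com' | Select-Object -First 1
New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443
New-Item 'IIS:\SslBindings\0.0.0.0!443' -Value $cert

# --- On the Win7 client, elevated prompt, after copying dc8-ca.cer and web.cer over ---
certutil -dump dc8-ca.cer       # compare Cert Hash(sha1) with the value seen on DC8
certutil -addstore Root dc8-ca.cer
certutil -verify web.cer        # the chain should now build to DC8-CA
```

Adding a CA to the Root store makes the machine accept every certificate that CA issues, which is why the hash comparison comes before `-addstore` on the client.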

This article is from the "Erick" blog; reprinting is declined.
