With the rapid development of network technology, Internet has become an indispensable part of people's lives, but it also faces installation problems. To ensure that the Internet can transmit data securely, technicians have developed PKI technology.
Now let's look at the data signature for PKI.
Provides the following functions:
Identity Verification: the recipient can confirm the sender's identity
Data Integrity: confirms that the message content is not modified during transmission.
Operation Non-Repudiation: other users cannot impersonate the sender to send messages
Principles and processes of data signature:
1. The sent file uses a hash algorithm to generate a 128-bit digital digest.
2. the sender uses its own private key to encrypt the abstract, which forms a Data signature.
3. Send the source file and the encrypted summary to the other party at the same time.
4. The recipient decrypts the digest using the sender's public key, and generates a digest for the received file used by the sender for the same hash algorithm.
5. the decrypted summary and received files are compared with the recipient's summary. If they are the same, they are sent by the sender and have not been damaged or tampered with during transmission.
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DA/wKiom1QBgVnTfQDtAAEae1PTn1s116.jpg "Title =" 1.png" alt = "wkiom1qbgvntfqdtaaeae1ptn1s116.jpg"/> next let's install the Certificate Service
Log on to DC using the Administrator account in DC
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DA/wKiom1QBhJjjsTMfAAMwzkw_v5Q441.jpg "Title =" 1.png" alt = "wkiom1qbhjjj1_faamwzkw_v5q441.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/47/DC/wKioL1QBhemQWsh-AAKDyuMxJnc072.jpg "Title =" 2.png" alt = "wKioL1QBhemQWsh-AAKDyuMxJnc072.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DC/wKioL1QBhjHDepyIAAKCoOW6B64967.jpg "Title =" 3.png" alt = "wkiol1qbhjhdepyiaakcoow6b64967.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/47/DA/wKiom1QBhUjhhtVHAAI9Bq76XoY419.jpg "Title =" 4.png" alt = "wkiom1qbhujhhtvhaai9bq76xoy419.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/47/DC/wKioL1QBhoXiIBxmAAK8S-YgSjs908.jpg "Title =" 5.png" alt = "wKioL1QBhoXiIBxmAAK8S-YgSjs908.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DA/wKiom1QBhZ_yEN7RAANB4w8qIk4560.jpg "Title =" 6.png" alt = "wkiom1qbhz_yen7raanb4w8qik4560.jpg"/> and the installation is complete
Next, we will install IIS on the Web server,
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/47/DA/wKiom1QBiI7jwdIOAAOExFzlAKg978.jpg "Title =" 1.png" alt = "wkiom1qbii71_dioaaoexfzlakg978.jpg"/> Installation Complete double-click server certificate
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DC/wKioL1QBinDT7mK-AANAIsC-7cM370.jpg "Title =" 1.png" alt = "wKioL1QBinDT7mK-AANAIsC-7cM370.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/47/DA/wKiom1QBiZWBYUHbAAKY9DE4sxQ311.jpg "Title =" 1.png" alt = "wkiom1qbizwbyuw.aky9de4sxq311.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DA/wKiom1QBihXhmuYtAAJVZTc02Us952.jpg "Title =" 1.png" alt = "wkiom1qbihxhmuytaajvztc02us952.jpg"/> Complete Certificate Application
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/47/DD/wKioL1QBkjDREDO4AATM9K3W4mA116.jpg "Title =" 1.png" alt = "wkiol1qbkjdredo4aatm 9k3w4ma116.jpg"/> click Apply for Certificate
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/47/DD/wKioL1QBktmQ-OJpAAKJxXOL8aI173.jpg "Title =" 1.png" alt = "wKioL1QBktmQ-OJpAAKJxXOL8aI173.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/47/DB/wKiom1QBkfOCxhBmAAOTCS7W2OU725.jpg "Title =" 1.png" alt = "wkiom1qbkfocxhbmaaotcs7w2ou725.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/47/DB/wKiom1QBkmDQeAI8AAN9n41g9iQ004.jpg "Title =" 1.png" alt = "wkiom1qbkmdqeai8aan9n41g9iq004.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DD/wKioL1QBlEHw1L8aAAMnNJt8fpM870.jpg "Title =" 1.png" alt = "wkiol1qblehw1l8aaamnnjt8fpm870.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/47/DD/wKioL1QBlW_Rs-MrAAMfQCB23a8066.jpg "Title =" 1.png" alt = "wKioL1QBlW_Rs-MrAAMfQCB23a8066.jpg"/> 650) This. length = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DD/wKioL1QBlbKz8cn_AAJefpT-ek0844.jpg "Title =" 2.png" alt = "wKioL1QBlbKz8cn_AAJefpT-ek0844.jpg"/> note that if an enterprise ca automatically issues a certificate after submitting an application, and if it is an independent ca, manual authentication is required. issue
Configure SSL for Web Sites
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/47/DB/wKiom1QBlo3jsOyzAAOD33IqI14033.jpg "Title =" 1.png" alt = "wkiom1qblo3jsoyzaaod33iqi14033.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DD/wKioL1QBmBOTtQaPAANriggJuc8781.jpg "Title =" 1.png" alt = "wkiol1qbmbottqapaanriggjuc8781.jpg"/> 650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/47/DB/wKiom1QBoUChLG8_AANXw5I Cktg956.jpg "Title =" 2.png" alt = "wkiom1qbouchlg8_aanxw5icktg956.jpg"/> you must add https: // ip to the client to access the file !!!
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/47/DC/wKiom1QBouaTu3OVAAFoO0lWIXE033.jpg "Title =" 1.png" alt = "wkiom1qbouatu3ovaafoo0lwixe033.jpg"/>
This article is from the "diaosi life" blog and will not be reproduced!
PKI and certificate service applications