Install WIN2008R2, domain controller, IIS, Certificate Server, and deploy Exchange 2010

Source: Internet
Author: User
Tags cas ssl certificate

IX. Setting up a Certificate Server

Exchange 2010 requires certificate support. After installation, Exchange 2010 turns on SSL by default, and OWA can only be reached in IE with https:// instead of http://. Without a certificate you can still install Exchange 2010 and use OWA, but there will always be certificate warnings. So first set up a Certificate Server and issue the certificates yourself.

Reference for setting up a Certificate Server:

http://tech.ddvip.com/2009-06/1244884647123645.html

1. Server Manager --- click Roles --- Add Roles on the right --- Next --- tick Active Directory Certificate Services.

2. Click Next. The wizard tells you that once a certificate server is set up, the server name and domain can no longer be changed, so as to keep fraudulent certificates from circulating. Click Next again.

3. By default only the Certification Authority is installed. The Online Responder and Web enrollment can also be installed; the Web enrollment feature requires that IIS was installed beforehand with ASP support. The other role services either cannot be installed in the same batch as the Certification Authority or need additional environment support, so they are not installed. Click Next.


4. For the installation type, select Enterprise.

There are two major classes, enterprise root CAs and standalone root CAs, and each has a subordinate CA counterpart. A subordinate CA is one that a higher-level CA has authorized to issue certificates. In scope and functionality, enterprise CAs are broader and more powerful than standalone CAs; for example, a standalone CA cannot use certificate templates, whereas an enterprise CA can. Also, the first CA installed in a network must be a root CA, and an enterprise root CA requires a domain environment. Here we choose the first one. (This passage is copied entirely from someone else; copying really is easier than typing it out.) Enterprise is the more capable one.

You must be a member of the Domain Admins group, or an administrator with write permission to AD DS, to install an enterprise root CA. We have been working as Administrator, which of course has this permission.

For the CA type, select Root CA.

5. Set the private key

Create a new private key, keep the default settings, tick Allow interactive, and click Next.

6. Configure the CA name: keep the default and click Next. Certificate validity period: default 5 years, click Next. Database location and log location: keep the defaults and click Next.

7. Confirm and install. The warning appears once more: the computer name and domain cannot be changed after the CA server is deployed.

8. Complete the installation.


9. Start --- Administrative Tools --- Certification Authority (certsrv.msc) opens Certificate Server management. If ASP was not enabled when IIS was installed, ASP is also turned on once Certificate Services and Web enrollment are installed.

10. To install the remaining Certificate Services role services: Control Panel --- Turn Windows features on or off --- expand Roles --- right-click Active Directory Certificate Services --- Add Role Services.

11. Tick the other role services you want to install; if a role service has prerequisites, click Add Required Role Services.


The other role services of the certificate Server may be better, but I'm not going to add them here.

After Web enrollment is installed, open Start --- Administrative Tools --- Internet Information Services (IIS) Manager --- Sites --- Default Web Site and click "View Applications" on the right; you will see that the /certsrv application has been added.


In IE, enter 192.168.1.61/certsrv; a login box appears (use Administrator and the xitongguanliyuanmima0), and you can log in to Certificate Services. Do not log in for now; wait until the certificate request file is ready, then log in.


15. Restart the server after upgrading.

16. View the Certificate Server and its certificates

Start --- Administrative Tools --- Certification Authority --- right-click omohome-omoserver-ca --- select Properties to see Certificate No. 0, which is the root certificate that the Certificate Server issued to itself.

Click View Certificate to see more information.


Expand Issued Certificates to see the second certificate, issued to the domain controller. It is not issued until the Certificate Server has been installed and the machine restarted, so it is not visible before the restart.


Expand Server Manager --- Web Server (IIS) --- click Internet Information Services (IIS) Manager --- expand omoserver on the right --- click Server Certificates (you can find it with the filter). You can see the two certificates; their default expiration times are not the same. The first is the certificate issued to the domain controller, and the second is the certificate that the Certificate Server issued to itself.


X. Enable SSL on the site

IIS and the Certificate Server are now set up and the server already has two certificates, so you can experiment with turning on SSL for the site.

1. Start --- Administrative Tools --- Internet Information Services (IIS) Manager --- omoserver --- Sites --- Default Web Site --- right-click and choose Bindings --- Add --- for Type select https --- for SSL certificate pick either one of our two existing certificates, confirm, and SSL is turned on.


Accessing the home page with 192.168.1.61 still works as before. Accessing it with https://192.168.1.61 behaves differently.


This is because the SSL certificate we just bound was issued to the domain controller, which does not match the 192.168.1.61 that was entered, so there is a warning. Click Continue to browse this site and you can see the page, but the address box turns red, indicating that the site certificate is abnormal and you need to be careful. Click the certificate error to view the explanation and the certificate contents.


2. The site is now reachable through both http://192.168.1.61 and https://192.168.1.61, but after Exchange is deployed, HTTP access stops working and the site can only be reached through HTTPS. Open Start --- Administrative Tools --- Internet Information Services (IIS) Manager --- omoserver2 --- Sites --- Default Web Site --- SSL Settings; once Exchange is set up, Require SSL is checked there. Double-click SSL Settings: if Require SSL is checked here, the website cannot be accessed via HTTP. After the Exchange deployment is complete, if you don't want the bother, you can uncheck Require SSL here and click Apply, or remove the HTTPS binding from the site's bindings.


XI. Create a certificate request for the site, request the certificate, install the certificate

With a Certificate Server set up, you can create a request, request a certificate, and install it so that SSL can be used.

Reference tutorial: http://tech.sina.com.cn/smb/2008-11-23/0713884732.shtml

SSL is intended to improve security, so turning this option off is not the best solution; you should install a certificate so that SSL can be used. There are two ways to get a certificate: apply to a globally recognized certificate provider and install what it issues, or set up a certificate server and issue the certificate yourself. We built the Certificate Server earlier and can request a certificate from our own server.

CA stands for Certificate Authority. Internet server certificates are issued by a public certification authority (CA). To obtain an Internet server certificate, you first send a request to the CA, and then install the Internet server certificate that the CA sends back.

1. Open IIS Manager, click omoserver2, locate Server Certificates in the IIS section of the middle pane, and double-click it. (You can also type "certificate" into the filter to find it quickly.)

2. In the actions pane on the right, click Create certificate request.

3. On the Distinguished Name Properties page of the Request Certificate Wizard, fill in the information, and then click Next. The certificate name written here must be the same as the name of the site. For example, if the site you want to certify is called omoserver2.omohome.com, that is the name that must be filled in. Even though 192.168.1.61 points to the same page, you cannot fill in 192.168.1.61; otherwise the site name the client enters will not match the certificate name and a certificate warning appears. All other fields can be filled in freely.


5. Leave the encryption setting and the bit length at their defaults and click Next.

6. On the File Name page, in the Specify a file name for the certificate request text box, type a file name; you can click the browse button (...) on the page to choose the location and name to save under. I put the certificate under My Documents, named Omo Certificate request file; the default is a TXT file.


7. Look in My Documents: a certificate request file has been created. Open it and you see a lot of xxx text; this is encrypted content. Then, if you have money to spare, go to an internationally recognized certificate issuing company to apply for a certificate. How much does a certificate cost? I don't know. Who is the request file sent to? I don't know. How long until the certificate is ready and sent back? I don't know. Apparently a CA certificate for online tax filing is 80 yuan, apparently Taobao certificates cost nothing, and apparently making a certificate for a pirated server is very awkward.

Or send this file to our own Certificate Server to be certified.

8. The certificate request file "Omo Certificate request file.txt" is ready and placed in My Documents; the Certificate Server is set up and reachable over the web. Now start applying for the certificate.

a. First, in IE on the server, add http://192.168.1.61/ as a trusted site and lower the security level for trusted sites to the minimum. (This is so that the plug-in download is not blocked by IE.)


b. In IE, enter http://192.168.1.61/certsrv and log in (administrator2 and xitongguanliyuanxxxx0). Click Request a certificate, click advanced certificate request, and select the second item, the base-64-encoded one.

c. Find "Omo Certificate request file.txt" in My Documents, open it, and copy all of its contents.

d. Click "Yes" to confirm the operation, keep the default DER encoded certificate, then click Download certificate. Save the issued certificate to My Documents.


9. So far we have set up the Certificate Server, created the certificate request file, and applied to our own Certificate Server for a certificate; what remains is to import the resulting certificate.

Start --- Administrative Tools --- Internet Information Services (IIS) Manager --- omoserver2 --- Server Certificates --- click Complete Certificate Request on the right, find the certificate just downloaded in My Documents, enter any friendly name you like, and confirm all the way through to complete the import.


Now under Start --- Administrative Tools --- Internet Information Services (IIS) Manager --- omoserver --- Server Certificates there are 3 certificates; from top to bottom they are the certificate issued to the domain controller, the certificate the Certificate Server issued to itself, and the certificate just imported.


10. The imported certificate is not yet bound to the website. Start --- Administrative Tools --- Internet Information Services (IIS) Manager --- omoserver2 --- Sites --- Default Web Site --- right-click and choose Bindings --- in the dialog box that pops up click Add --- for Type select https; in the SSL certificate drop-down box, select the certificate that you just imported, and confirm all the way through. (If the previously bound certificate is still the domain controller's certificate, you can change it to the website's certificate.)

11. In IE on the server, both http://omoserver2.omohome.com/ and https://omoserver2.omohome.com/ can be accessed. When you enter https://omoserver2.omohome.com/ the page opens differently: a lock appears after the address bar, indicating encryption; click the lock to see the description.


12. At this point, entering https://omoserver2.omohome.com/ in IE on a client still produces a certificate error warning, because the client does not yet trust the Certificate Server we built ourselves. In IE on the client, add http://192.168.1.61/ as a trusted site, log in to http://192.168.1.61/certsrv, and after entering your password click Download a CA certificate, certificate chain, or CRL --- Download CA certificate --- save it to the desktop. Open the downloaded certificate on the desktop and you can see the warning that this root certificate is untrusted. Click Install Certificate --- Next --- Place all certificates in the following store --- Browse --- select Trusted Root Certification Authorities --- then confirm and answer Yes all the way through. Once the import is complete, open the certificate on the desktop again and you can see that the warning has disappeared.


13. Open https://omoserver2.omohome.com/ again in IE on the client: the normal lock appears, and the certificate installation is complete. This certificate is only valid for the name omoserver2.omohome.com; if you connect with 192.168.1.61, the name differs from the certificate, so even though both point to the same site there is still a warning.

14. Install the certificate on each client computer so that they do not get warnings.
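
The name rule from steps 3 and 13, as an added example that is not part of the original post: Python code for the comparison a client makes between the host typed in the address bar and the names in the certificate, run over constructed certificate dicts in the shape returned by `ssl.SSLSocket.getpeercert()`. `SAN_CERT`, the function names and the `cn_fallback` switch are assumptions for illustration.

```python
import ipaddress

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
# SITE_CERT mirrors the request from step 3: a common name only, no SAN.
SITE_CERT = {"subject": ((("commonName", "omoserver2.omohome.com"),),)}
# Hypothetical re-issue that also lists the name and the IP as SAN entries.
SAN_CERT = {
    "subject": ((("commonName", "omoserver2.omohome.com"),),),
    "subjectAltName": (("DNS", "omoserver2.omohome.com"),
                       ("IP Address", "192.168.1.61")),
}


def as_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def dns_match(pattern, host):
    """Case-insensitive label match; '*' may only stand for the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_name(cert, typed_host, cn_fallback=True):
    """Return (ok, reason) for the host typed into the address bar.

    cn_fallback=True models older clients that accept the subject CN when the
    certificate has no dNSName SAN; current browsers behave like False.
    """
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

    typed_ip = as_ip(typed_host)
    if typed_ip is not None:
        # RFC 2818 rule: an IP literal is compared only with iPAddress SAN
        # entries, even when a DNS name in the certificate resolves to it.
        if any(as_ip(i) == typed_ip for i in ips):
            return True, "matches iPAddress SAN"
        return False, "IP literal not listed in the certificate"

    if dns:
        names, source = dns, "dNSName SAN"
    elif cn_fallback:
        names, source = cns, "subject CN"
    else:
        return False, "no dNSName SAN and CN fallback disabled"
    if any(dns_match(n, typed_host) for n in names):
        return True, "matches " + source
    return False, "name not in " + source


if __name__ == "__main__":
    for label, cert in (("SITE_CERT", SITE_CERT), ("SAN_CERT", SAN_CERT)):
        for host in ("omoserver2.omohome.com", "192.168.1.61"):
            print(label, host, check_name(cert, host))
```

With `cn_fallback=False` the CN-only certificate from step 3 fails even for the correct name, which is how current browsers treat a certificate without a DNS subject alternative name.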

If you do not plan to enable SSL, you can skip sections nine, 10 and 11.

All pre-deployment preparation work other than the certificate settings can be looked up at

http://technet.microsoft.com/zh-cn/library/bb691354(exchg.140).aspx

Preparation goes very quickly if you do not set up certificates.

Still need to upgrade and archive.
