Operations on server certificate CA

Certificate issuing module

I. experiment environment

1. IP address of the Certificate Server

2. IP address of the Web server

3. Client IP Address

4. access the Web site from the client

Ii. Web server certificate application a) first trust CA

1. Select to download the CA certificate/certificate chain or CRL

2. Click to continue downloading the certificate or certificate chain and save it.

3. Open mmc to add a certificate and select a computer account

4. Select a trusted root certificate authority.

5. Right-click to import the certificate

6. Select a file

7. Next Step and complete

B) apply for a certificate 1. Select Apply for a certificate

2. select Advanced Certificate Application

3. Create and submit an application to this CA

4. Click Yes and then complete

5. Make sure that the key is exported and the server authentication certificate is used.

6. Apply for a certificate on the Certificate Server

7. Open a browser on the Web server to view the application status of the suspended certificate.

8. Click to view the pending Certificate Application Status

9. Click Yes and then click Install this certificate

10. After installation, export the certificate. You can find the certificate in the browser and export it.

11. Find and export

12. Mark the export private key

13. Next Step

14. Enter the security key for next step

15. Next, select the saved location and complete the export.

16. Open mmc to add a certificate module and select a computer account

17. Find the personal -- certificate, right-click Import, and click Next.

18. Select all files and then select the exported Certificate file

19. Enter the previous key and complete the import (we recommend that you mark this key as an exported key)

20. Final Completion

C) Certificate Application II. 1. Select Server Certificate

2. Fill in relevant attributes

3. Note that the common name is the URL that requires client connection (so it must be filled in correctly)

4. Retain the default value

5. Select and complete the path.

6. Open a browser to apply for a certificate

7. Select Apply for Certificate

8. select Advanced Certificate Application

9. Select the second one.

10. Find the content in the copy of the file you just applied to save.

11. paste and save the application

12. Open a browser to view the Certificate Application Status

13. Download and save

14. Open IIs to complete Certificate Application

15. Select the file you just downloaded.

16. Select website binding

17. Bind https

18. After binding, access through https on the client

19. But the access can be continued, but it is not recommended

The reason for identity authentication is that anonymous access is disabled, but access is allowed. 3. Apply for a certificate for the client. a) Ask the client to trust CA1. choose to download the CA certificate/certificate chain or CRL.

2. Select Download Certificate

3. Save

4. Enable mmc to add a certificate and select a computer account.

5. Find the Trusted Root Certificate Authority, click the certificate, and click all tasks on the right to import

6. Select the downloaded CA certificate and complete the import.

7. Complete

8. After installation, Use https to access the website

B) Client installation certificate 1. Apply for a client certificate through a browser on the client

2. Select Apply for Certificate

3. select Advanced Certificate

4. Select create and submit an application to this CA

Be sure to mark the key as exported

5. Submission completed

6. Issue the client application certificate on the CA Server

7. Check the Client ID card application on the client.

8. Install the certificate

9. Export the certificate

10. It is necessary to export the Private Key

11. Keep the default value

12. Enter the Security Key

13. Save path

14. Open mmc and add the certificate module to your computer account. Then find the individual under the certificate and right-click all tasks to import

15. Select a certificate file

16. Enter the key for next step

17. Final Completion

18. Finally, the client verifies https access through a browser.