Skype for Business 2015 Combat Series 3: Installing and configuring a CA
Whether it's a Skype for Business Server 2015 or a previous Lync, the one thing that's not going to go around during the deployment process is the certificate, not the Skype for Business Server 2015 and Lync Bypass certificate, Now almost all Microsoft products are around, like mail, Remote Desktop services, private cloud, hybrid cloud and so on, will use the certificate, in fact, not only Microsoft, Microsoft, many products and solutions are not around the certificate this thing, who call it a basic thing? Now that the certificate is so important to Skype for Business Server 2015, let's look at how to install and configure the CA.
In my environment, the CA and ad are placed on a single machine, so log on to the domain controller. Open Server Manager and click "Add Roles and Features":
650) this.width=650; "title=" clip_image002 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image002 "src=" Http://s3.51cto.com/wyfs02/M00/85/AB/wKioL1er6rPii0uhAAG0ZFTQYLg016.png "height=" 435 "/>
Select Role-based or feature-based installation and click Next:
650) this.width=650; "title=" clip_image004 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image004 "src=" Http://s3.51cto.com/wyfs02/M01/85/AB/wKioL1er6rShvvmuAAFgX0eYwKk579.png "height=" 457 "/>
To determine the computer name, IP address no problem, click Next:
650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image006 "src=" Http://s3.51cto.com/wyfs02/M02/85/AC/wKiom1er6rbBpFUJAAGy3ZLLWII557.png "height=" 458 "/>
Tick Active Directory Certificate Services:
650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image008 "src=" Http://s3.51cto.com/wyfs02/M02/85/AB/wKioL1er6rfBSOU4AAGt0wc4wgs953.png "height=" 457 "/>
650) this.width=650; "title=" clip_image010 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image010 "src=" Http://s3.51cto.com/wyfs02/M00/85/AB/wKioL1er6rjTkMqWAAIE-0D5hVg698.png "height=" 456 "/>
Because our Skype for Bussiness Server 2015 and Office Web APP servers are all Web certificates, select the certification authority, certification Authority WEB enrollment, and click Next in the Choose role service location:
650) this.width=650; "title=" clip_image012 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image012 "src=" Http://s3.51cto.com/wyfs02/M02/85/AC/wKiom1er6rmifo6mAAGftU3JqAo830.png "height=" 456 "/>
Because the Web server is used to install Certificate Services, leave the default here and click Next:
650) this.width=650; "title=" clip_image014 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image014 "src=" Http://s3.51cto.com/wyfs02/M02/85/AB/wKioL1er6rqwJCLQAAICjNR5ymk726.png "height=" 457 "/>
Confirm the error, click Install:
650) this.width=650; "title=" clip_image016 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image016 "src=" Http://s3.51cto.com/wyfs02/M00/85/AC/wKiom1er6rywJtXMAAHmotpYMXc394.png "height=" 458 "/>
The Certificate Server installation is complete, but the current state of the Certificate Server is not able to provide certificate enrollment services to the outside world, so we need to configure it.
To configure the Certificate Server, click Configure Active Directory Certificate Services on the destination server:
650) this.width=650; "title=" clip_image018 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image018 "src=" Http://s3.51cto.com/wyfs02/M01/85/AC/wKiom1er6r2Tc_UHAAHj7nJZe7o636.png "height=" 459 "/>
Confirm the use of valid credentials at the credential location and click Next:
650) this.width=650; "title=" clip_image020 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image020 "src=" Http://s3.51cto.com/wyfs02/M00/85/AC/wKiom1er6r-RP10cAAFyUpt8YS0806.png "height=" 471 "/>
Tick the role that we need to configure in the service role location, because I installed only two Certificate server roles, so check "certification authority", "certification authority Web enrollment" here, and click Next:
650) this.width=650; "title=" clip_image022 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image022 "src=" Http://s3.51cto.com/wyfs02/M02/85/AB/wKioL1er6sCCHIbVAAE-B3mu8xA753.png "height=" 471 "/>
In setting the type location, develop the CA type, where we use "Enterprise CA":
650) this.width=650; "title=" clip_image024 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image024 "src=" Http://s3.51cto.com/wyfs02/M01/85/AC/wKiom1er6sGxPn-4AAG2Sy2MLyg531.png "height=" 470 "/>
Tick and CA Click Next:
650) this.width=650; "title=" clip_image026 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image026 "src=" Http://s3.51cto.com/wyfs02/M00/85/AB/wKioL1er6sOyOw0lAAG9VWLJjpU512.png "height=" 473 "/>
In the private key location, because we are installing for the first time, so tick "create new private key" here:
650) this.width=650; "title=" clip_image028 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image028 "src=" Http://s3.51cto.com/wyfs02/M02/85/AC/wKiom1er6u3BRlpCAAHyI6QJzbY549.png "height=" 472 "/>
In the encryption location select the hash algorithm to sign the CA issued certificate and the key length, where I remain the default and click Next:
650) this.width=650; "title=" clip_image030 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image030 "src=" Http://s3.51cto.com/wyfs02/M02/85/AB/wKioL1er6u6CoXIkAAFvBdtU5Ug664.png "height=" 470 "/>
At the CA name location, save the default and click Next:
650) this.width=650; "title=" clip_image032 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image032 "src=" Http://s3.51cto.com/wyfs02/M00/85/AC/wKiom1er6vDhb0iuAAFzmiatsbc377.png "height=" 472 "/>
In the certificate validity period, select the validity period of the certificate, and if it is used internally, it is recommended to set the certificate validity period longer to avoid problems with late certificate expiration:
650) this.width=650; "title=" clip_image034 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image034 "src=" Http://s3.51cto.com/wyfs02/M01/85/AC/wKiom1er6vHD-V0ZAAE2ewicwZU940.png "height=" 470 "/>
Select the location where the CA database is stored in the CA database location and click Next:
650) this.width=650; "title=" clip_image036 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image036 "src=" Http://s3.51cto.com/wyfs02/M02/85/AC/wKiom1er6vKSFTPOAAElECzFCaU755.png "height=" 472 "/>
Confirm the location, confirm that the previous action is no problem, click Configure:
650) this.width=650; "title=" clip_image038 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image038 "src=" Http://s3.51cto.com/wyfs02/M00/85/AC/wKiom1er6vOzrpMCAAG_33g2rYE456.png "height=" 472 "/>
Configuration successful, click Close:
650) this.width=650; "title=" clip_image040 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image040 "src=" http://s3.51cto.com/wyfs02/M00/85/AB/wKioL1er6vSA3iH5AAEn3pxazlo748.png "height=" 475 "/>
After the configuration is complete, open the certification authority to see if the certificate is configured successfully, as shown in the Certificate Server configuration:
650) this.width=650; "title=" clip_image042 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image042 "src=" http://s3.51cto.com/wyfs02/M01/85/AC/wKiom1er6vWA_c6FAADTs45antU543.png "height=" 449 "/>
This article is from the "Wu Yuzhang Microsoft blog" blog, make sure to keep this source http://wuyvzhang.blog.51cto.com/9992636/1836797
Skype for Business 2015 Combat Series 3: Installing and configuring a CA