Skype for Business/lync certificate Resolution (iv) four ways to request a certificate

There are four ways to apply for a certificate, and these four ways are not only suitable for skype/lync, but also for any certificate application scenario (except for the first method):

The first way: Automatically generate and assign certificates with the Certificate Wizard in the Sfb/lync installation interface, the simplest operation, but the generated certificate cannot be exported with the private key.

650) this.width=650; "height=" 229 "title=" clip_image001 "style=" border:0px; "alt=" clip_image001 "src=" http:/ S3.51cto.com/wyfs02/m02/72/3e/wkiol1xflt2bldtvaacfrq2b0iu604.jpg "border=" 0 "/>

The second way: through MMC, see the http://huoxian.blog.51cto.com/9437529/1680132 of this series

650) this.width=650; "height=" 313 "title=" clip_image002 "style=" border:0px; "alt=" clip_image002 "src=" http:/ S3.51cto.com/wyfs02/m00/72/3e/wkiol1xflt7dwqjwaaejcjs0p_e525.jpg "border=" 0 "/>

The third way: through the web

Using a Web request requires an SSL-encrypted connection, which means to take the Https://ca/certsrv method, which does not have HTTPS by default, increase the HTTPS connection, for example.

650) this.width=650; "height=" 362 "title=" clip_image003 "style=" border:0px; "alt=" clip_image003 "src=" http:/ S3.51cto.com/wyfs02/m01/72/3e/wkiol1xflt6wmdqgaaftrcg6dai402.jpg "border=" 0 "/>

The fourth way is the main thing to say today, because the first three kinds of people are more familiar with, one can understand, but some occasions must be used in the fourth way, especially some non-Microsoft applications to use the certificate. The first three ways are the Microsoft system built-in certificate request method, convenient, but there is a disadvantage, is the application of the certificate's private key is not exported as a separate private key file, and sometimes we may need this thing, such as when we use Wireshark catch SSL packet, because the SSL packet is encrypted, We cannot parse, and if we can use the corresponding private key to decrypt the SSL packet, it is very helpful for us to debug (Wireshark support, described later). In addition, if you configure Cisco's products, it also requires a separate private key and public key files to merge the generated certificate, the following is the fourth method, the basic steps are as follows:

1. To download OpenSSL, you need to use it.

I found a stable version of OpenSSL, placed on the http://pan.baidu.com/s/1qW7lNv2, you can download, while there are another two files, recommended to run on Win7, install VC + + 2008, then install OpenSSL, and then copy the OPENSSL.CNF to the installation directory, OPENSSL.CNF according to the situation can be modified by itself, will be described later.

650) this.width=650; "height=" 148 "title=" clip_image004 "style=" border:0px; "alt=" clip_image004 "src=" http:/ S3.51cto.com/wyfs02/m02/72/3e/wkiol1xflt-ismtgaacp94qzfms550.jpg "border=" 0 "/>

650) this.width=650; "height=" 507 "title=" clip_image005 "style=" border:0px; "alt=" clip_image005 "src=" http:/ S3.51cto.com/wyfs02/m00/72/3e/wkiol1xfludycorqaajpevittho974.jpg "border=" 0 "/>

Also set the PATH environment variable to point to its Bin folder.

Second, enter the Bin directory, run:

OpenSSL req-out request.csr-new-newkey rsa:2048-nodes-keyout private.key-config "C:\OPENSSL-WIN32\OPENSSL.CNF"

650) this.width=650; "height=" 366 "title=" clip_image006 "style=" border:0px; "alt=" clip_image006 "src=" http:/ S3.51cto.com/wyfs02/m01/72/3e/wkiol1xflugwcyj9aairx-elbdo889.jpg "border=" 0 "/>

REQUEST.CSR is a certificate request file and Private.key is the private key. I am here to apply for a multi-domain certificate, in the openssl.conf inside the corresponding configuration.

650) this.width=650; "height=" 206 "title=" clip_image007 "style=" border:0px; "alt=" clip_image007 "src=" http:/ S3.51cto.com/wyfs02/m02/72/42/wkiom1xflmitbknxaact6g05y0u298.jpg "border=" 0 "/>

Second, the application of Web-style:

650) this.width=650; "height=" 284 "title=" clip_image008 "style=" border:0px; "alt=" clip_image008 "src=" http:/ S3.51cto.com/wyfs02/m00/72/3e/wkiol1xflulc66b1aafggvlian8591.jpg "border=" 0 "/>

650) this.width=650; "height=" 238 "title=" clip_image009 "style=" border:0px; "alt=" clip_image009 "src=" http:/ S3.51cto.com/wyfs02/m02/72/42/wkiom1xflmnqvfqfaachoxn1oea068.jpg "border=" 0 "/>

650) this.width=650; "height=" 194 "title=" clip_image010 "style=" border:0px; "alt=" clip_image010 "src=" http:/ S3.51cto.com/wyfs02/m00/72/3e/wkiol1xfluobl4beaadk7zmeotg637.jpg "border=" 0 "/>

650) this.width=650; "height=" 470 "title=" clip_image011 "style=" border:0px; "alt=" clip_image011 "src=" http:/ S3.51cto.com/wyfs02/m00/72/42/wkiom1xflmrhjm_maagkr6_lhf0682.jpg "border=" 0 "/>

Copy the contents of the REQUEST.CSR generated in the first step into the "Saved requests" box, and the certificate template is selected from the customized computer template and submitted last.

650) this.width=650; "height=" 276 "title=" clip_image012 "style=" border:0px; "alt=" clip_image012 "src=" http:/ S3.51cto.com/wyfs02/m01/72/42/wkiom1xflmvtnm-xaadq2cjtx64267.jpg "border=" 0 "/>

650) this.width=650; "height=" 242 "title=" clip_image013 "style=" border:0px; "alt=" clip_image013 "src=" http:/ S3.51cto.com/wyfs02/m02/72/3e/wkiol1xfluwhaigfaacihifilt8996.jpg "border=" 0 "/>

Finally, download the BASE64 encoded certificate. The default will be a certificate called Certnew.cer, double-click to view some information.

650) this.width=650; "height=" 484 "title=" clip_image014 "style=" border:0px; "alt=" clip_image014 "src=" http:/ S3.51cto.com/wyfs02/m02/72/42/wkiom1xflmziaxhcaahnpcs3zss822.jpg "border=" 0 "/>

Third, the synthesis of public key private key

Remember that the certnew.cer downloaded above is just a public key certificate and does not contain a private key, we can combine the private key and the public key of the first step into one to migrate the requested certificate to another computer and import it.

Merge method:

OpenSSL pkcs12-export-in Certnew.cer-inkey private.key-out cme.pfx

It is also possible to synthesize online pages:

Http://www.myssl.cn/openssl/MergePEM.asp

Iv. Import the above PFX document to the required computer

650) this.width=650; "height=" 366 "title=" clip_image015 "style=" border:0px; "alt=" clip_image015 "src=" http:/ S3.51cto.com/wyfs02/m00/72/3e/wkiol1xfluath8mfaafy1nps82y981.jpg "border=" 0 "/>

This article is from the "FireWire Technology Brothers Blog" blog, please be sure to keep this source http://huoxian.blog.51cto.com/9437529/1689114

Skype for Business/lync certificate Resolution (iv) four ways to request a certificate