Tell me about the certificate.

Source: Internet
Author: User
Tags: asymmetric encryption


Before talking about certificates, note that encryption comes in two forms: symmetric and asymmetric. There is also a form often referred to as hybrid encryption, which in fact combines the speed advantage of symmetric encryption with the security advantages of asymmetric encryption (you will not generally encounter it in day-to-day work).


One. CA Trust Issues

1. If the CA is on the same server as AD, the policy is applied automatically and the trust relationship with domain members is established.

2. If the CA and AD are not on the same server, you need to use Group Policy in AD to push the CA's public key so that the trust is added.

3. Clients that are not joined to the domain can only request it manually, or copy the public key over and add it manually.
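For case 3, the manual import can be done with a check that the file really is the expected CA certificate before it goes into the trust store. This is an added example, not part of the original post; the file path and thumbprint placeholder are assumptions, and the CA is assumed to be a root CA.

```powershell
# Run elevated on the client. Assumed values for illustration:
#   $caFile   - CA certificate copied from the CA server
#   $expected - placeholder; get the real thumbprint from the CA administrator out of band
$caFile   = 'C:\temp\Example-CA.cer'
$expected = '<THUMBPRINT-FROM-CA-ADMIN>'

$ca = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($caFile)

# Refuse anything that is not the certificate we were told to trust.
if ($ca.Thumbprint -ne ($expected -replace '\s', '').ToUpperInvariant()) {
    throw "Thumbprint mismatch: got $($ca.Thumbprint)"
}

# A root certificate must be self-signed and marked as a CA in Basic Constraints.
$bc = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if ($ca.Subject -ne $ca.Issuer -or -not $bc.CertificateAuthority) {
    throw 'Not a self-signed CA certificate; do not add it to the Root store.'
}

# Case 3: client not joined to the domain, so add the trust by hand.
Import-Certificate -FilePath $caFile -CertStoreLocation Cert:\LocalMachine\Root

# Case 2 is done centrally instead: import the same file in a GPO under
# Computer Configuration > Policies > Windows Settings > Security Settings >
# Public Key Policies > Trusted Root Certification Authorities.
```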

Two. User authentication issues

When deploying CA Web Enrollment, users request certificates through IIS, so check Basic authentication (it provides the authentication method for certificate requests through IIS). If TMG publishes the certificate site without user authentication, the redirect cannot complete.

Three. CRL Issues

Regarding the CRL address: when a certificate is published for HTTPS encryption on the external network, the certificate revocation list (CRL) must be published as well.

Four. Multi-domain certificate issues

By default, one certificate can bind only one domain name. Multi-domain certificates are needed in cases such as Exchange (the additional names can be entered when requesting the Exchange certificate), web sites with several domain names, and RDS deployments where different roles are deployed on different machines. The names can be entered when you request the certificate after duplicating the Computer template.
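A multi-domain request against a duplicated Computer template can be built with `certreq`, then checked before and after issuance. This is an added example, not part of the original post; the DNS names, the template name `ComputerSAN` (assumed to have "Supply in the request" enabled) and the CA config string are assumptions.

```powershell
# Run elevated on the server that will use the certificate.
# All names below are assumed values for illustration.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=mail.example.test"
KeyAlgorithm = RSA
KeyLength = 2048
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10

[Extensions]
; 2.5.29.17 is the Subject Alternative Name extension
2.5.29.17 = "{text}"
_continue_ = "dns=mail.example.test&"
_continue_ = "dns=autodiscover.example.test&"
_continue_ = "dns=rdgw.example.test&"

[RequestAttributes]
CertificateTemplate = "ComputerSAN"
'@
Set-Content -Path .\san.inf -Value $inf -Encoding ASCII

certreq -new .\san.inf .\san.req                      # build the PKCS#10 request
certutil -dump .\san.req | Select-String 'DNS Name'   # confirm the names before submitting
certreq -submit -config 'ca01.example.test\Example-CA' .\san.req .\san.cer
certreq -accept .\san.cer                             # install into the machine store

# Verify that the issued certificate carries every requested name.
$path = (Resolve-Path .\san.cer).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($true)
```

Because such a template lets the requester choose the names in the certificate, limit the Enroll permission on it to the servers or administrators that need it.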

The final point is to publish the revocation list for the certificate:

The first type:

1. On the certificate server, right-click, choose Properties, and open Extensions. Select CRL Distribution Point (CDP) for publishing.


2. Distribute the certificate and verify it.


The first method publishes using the CA server's name as the domain name. If you want to customize the domain name used to access the CA, you need the second method.

The second type:

1. Open IIS to see where the default certificate revocation list is stored. In the CA's Extensions, add a new HTTP revocation address in the form http://<revocation list folder>/<revocation list file name>.


3. Fill it in and then publish it.


4. Add an AIA access address in the form http://<revocation list folder>/<full name of the certificate> and publish it.


Restart Certificate Services and republish the revocation list. The new changes do not take effect for certificates issued earlier; if necessary, remove the previous certificate and then request it again.
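The second method can also be scripted with the ADCSAdministration cmdlets instead of the Extensions dialog, followed by a check of whether an older certificate still lacks the new URL. This is an added example, not part of the original post; the host name `pki.example.test`, the `CertEnroll` virtual directory and the certificate path are assumptions.

```powershell
# Run elevated on the CA server. Assumed values for illustration:
#   pki.example.test - custom DNS name clients use to reach the CA's IIS site
#   CertEnroll       - IIS virtual directory holding the .crl and .crt files
Import-Module ADCSAdministration
$base = 'http://pki.example.test/CertEnroll'

# CDP: put the HTTP URL into newly issued certificates and their delta-CRL pointer.
Add-CACrlDistributionPoint -Uri "$base/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl" `
    -AddToCertificateCdp -AddToFreshestCrl -Force

# AIA: tell clients where to download the CA certificate.
Add-CAAuthorityInformationAccess -Uri "$base/<ServerDNSName>_<CAName><CertificateName>.crt" `
    -AddToCertificateAia -Force

# The CA applies extension changes after a service restart; then publish a fresh CRL.
Restart-Service -Name CertSvc
certutil -crl

# Show what the CA will now stamp into certificates.
Get-CACrlDistributionPoint | Where-Object AddToCertificateCdp | Select-Object Uri
Get-CAAuthorityInformationAccess | Where-Object AddToCertificateAia | Select-Object Uri

# Certificates issued before the change keep their old URLs. This helper reports
# whether a certificate file already points at the new host.
function Test-CertHasCdpHost {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$HostName)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $cdp  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }  # CRL Distribution Points
    if (-not $cdp) { return $false }
    return $cdp.Format($true) -match [regex]::Escape($HostName)
}

$old = 'C:\temp\issued-before-change.cer'   # assumed path to an earlier certificate
if (-not (Test-CertHasCdpHost -Path $old -HostName 'pki.example.test')) {
    Write-Warning "$old does not carry the new CDP URL; request it again."
}

# End-to-end check that the CDP and AIA URLs in a certificate can be retrieved.
certutil -verify -urlfetch $old
```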
