Vacs+802.1x+aaa+ad+ca Detailed configuration tutorial (iv)

Last Update:2014-12-01 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Part III:Cathe installation and configuration process:1,Cathe installation

in the Add / Remove Windows component, select Certificate Services, and then next to start the installation. Installation of the process here is not detailed, all choose the default configuration, there is a hint of the basket out on the choice is possible.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2F/wKioL1R7xVHzBdnNAAIk-qzIcas187.jpg "title=" 1.png " alt= "Wkiol1r7xvhzbdnnaaik-qzicas187.jpg"/>

After the installation is complete, open the certification authority in the Administrative tools.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/30/wKiom1R7xNTS-fSAAAFGD6eUoh8873.jpg "title=" 2.png " alt= "Wkiom1r7xnts-fsaaafgd6euoh8873.jpg"/>

2,AcsRequest a certificate

here is also a very important link, because the back802.1xThe client needs to usePEAPto implement the validation type. The first thing I do is usemd5-The question has been unsuccessful for half a day. It was later discovered that the documentACSin the validation if you use theMD5can not be achieved withADintegrated, fainted!! UsePEAPCertificate Service is required to complete the certification, soACSneed to apply for a certificate. That's whyACSwhen integrating with a domain, you need toCAthe reason for it.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/30/wKiom1R7xODRjR_nAAFNtatX6NI564.jpg "title=" 3.png " alt= "Wkiom1r7xodrjr_naafntatx6ni564.jpg"/>

in the Enter http://172.16.167.172/certsrv into the certificate Request page of the ACS server's IE browser , here because I put ACS and CA Installed on the same server, so it looks like you gave yourself a certificate. hehe.

Then select Request a certificate:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/2F/wKioL1R7xXHQPzLoAAKwAXtVBnY323.jpg "title=" 4.png " alt= "Wkiol1r7xxhqpzloaakwaxtvbny323.jpg"/>

Select Advanced Certificate Request:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/30/wKiom1R7xPGh5fnhAAH5n1A_7f0076.jpg "title=" 5.png " alt= "Wkiom1r7xpgh5fnhaah5n1a_7f0076.jpg"/>

Select Create and send to this CA submits a request:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/2F/wKioL1R7xZTh7ssFAAKb4deWIVU908.jpg "title=" 6.png " alt= "Wkiol1r7xzth7ssfaakb4dewivu908.jpg"/>

and then select Web Server certificate Template, here I encountered a problem please which expert knows trouble tell me. This page is supposed to be the choice of server certificate, but I do not know here why do not appear, do not understand ...

A pending certificate is required on the Certificate Server if the server certificate is used à issued, such a process, but I choose here Web after the server, this certificate can be used directly, the Certificate Server do not set anything, more depressed! Because I am not familiar with the CA , so who knows the cause of the trouble tell me haha!

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/31/wKiom1R7xRLR3nZtAAJRURaU5wI998.jpg "title=" 7.png " alt= "Wkiom1r7xrlr3nztaajrurau5wi998.jpg"/>

And then the information is filled in.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2F/wKioL1R7xaLxFrPxAAI_Q6uX3Pg039.jpg "title=" 8.png " alt= "Wkiol1r7xalxfrpxaai_q6ux3pg039.jpg"/>

Key options need to be noted in the need to mark the key to be exportable and save the certificate in the local computer store these two options tick!

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/2F/wKioL1R7xavz8JkeAAJByZD6a8Y975.jpg "title=" 9.png " alt= "Wkiol1r7xavz8jkeaajbyzd6a8y975.jpg"/>

Submit, select Yes

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/31/wKiom1R7xSnybTgVAAJkOGzPXz4313.jpg "title=" 10.png "alt=" Wkiom1r7xsnybtgvaajkogzpxz4313.jpg "/>

Click Install this Certificate

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/2F/wKioL1R7xbqzhivfAAHk-PGjccg718.jpg "title=" 11.png "alt=" Wkiol1r7xbqzhivfaahk-pgjccg718.jpg "/>

Choose Yes

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/2F/wKioL1R7xcOiqdUTAAJ--of68TQ407.jpg "title=" 12.png "alt=" Wkiol1r7xcoiqdutaaj--of68tq407.jpg "/>

Certificate installed successfully

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/31/wKiom1R7xUPyLa8fAAHfDpOb-mc611.jpg "title=" 13.png "alt=" Wkiom1r7xupyla8faahfdpob-mc611.jpg "/>

at this point in the Certificate Server à the Issued Certificates page can be seen just certificate requested by ACS

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/30/wKioL1R7x5OjIoLhAAIzzhicIas699.jpg "title=" 14.png "alt=" Wkiol1r7x5ojiolhaaizzhicias699.jpg "/>

3,AcsConfigure certificates on

Back to ACS , select ACS Certificate Setup on the System Configuration page

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/31/wKiom1R7xwCTBDOEAAKO_icp4FE425.jpg "title=" 15.png "alt=" Wkiom1r7xwctbdoeaako_icp4fe425.jpg "/>

and then select Installacs Certificate

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/30/wKioL1R7x37g2M7jAAHp3iVcfNA469.jpg "title=" 16.png "alt=" Wkiol1r7x37g2m7jaahp3ivcfna469.jpg "/>

Select Usecertificate from storage, then enter the name of the certificate you just requested tsgnet

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/31/wKiom1R7xuvxuJPuAAKIFhcidqc863.jpg "title=" 17.png "alt=" Wkiom1r7xuvxujpuaakifhcidqc863.jpg "/>

last Commit, you can see the certificate and status that have been successfully installed. The ACS service needs to be re-established here to take effect

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/30/wKioL1R7x1yzBeWcAAKTLlAphao374.jpg "title=" 18.png "alt=" Wkiol1r7x1yzbewcaaktllaphao374.jpg "/>

4, ConfigurationPEAPCertifications

in the Select Global Authentication Setup in the System Configuration

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/31/wKiom1R7xsejjkoBAAKKhT5UESc166.jpg "title=" 19.png "alt=" Wkiom1r7xsejjkobaakkht5uesc166.jpg "/>

in the Allow Eap-mschapv2 is selected in PEAP, none of theothers

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/31/wKiom1R7xqKAaD-SAALOu_N1K3o462.jpg "title=" 20.png "alt=" Wkiom1r7xqkaad-saalou_n1k3o462.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2F/wKioL1R7xxzTivioAALT2rl6Xa4191.jpg "title=" 21.png "alt=" Wkiol1r7xxztivioaalt2rl6xa4191.jpg "/>

The bottom of the Select Allow MS-CHAP Version 2Authentication in MS-CHAP Configuration

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2F/wKioL1R7xoPwVVh0AALd3NoGGoQ788.jpg "title=" 22.png "alt=" Wkiol1r7xopwvvh0aald3noggoq788.jpg "/>

Video sharing: Http://www.dwz.cn/lij9D

Vacs+802.1x+aaa+ad+ca Detailed configuration tutorial (iv)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Vacs+802.1x+aaa+ad+ca Detailed configuration tutorial (iv)

Contact Us

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support