View 6.2: replacing the VCS and Composer server certificates

Source: Internet
Author: User

After the View environment has been built, every visit prompts that the certificate is not trusted, because the VCS (View Connection Server) and Composer use self-signed certificates. Here is how to replace a self-signed certificate with a certificate issued by a CA.

1. Join a Windows Server 2008 R2 server to the domain and make it our CA server

2. Under Roles, install Active Directory Certificate Services

3. Check Certification Authority and Certification Authority Web Enrollment

4. Select Enterprise CA

5. Select the root CA and keep the default configuration until the installation is complete

6. By default, the CRL distribution point (CDP) does not make the revocation list reachable over HTTP, so we need to add an HTTP location manually

7. The same location needs to be added under Authority Information Access (AIA)

8. Allow automatic issuance of certificates in the policy module

9. Under Certificate Templates, click Manage to create a certificate template for View

10. When creating it, duplicate the Web Server template and modify the copy to be the new View template

11. On the Request Handling tab, remember to check "Allow private key to be exported"

12. Back in Certificate Templates, select New and add the View template that was just created

13. Publish the revocation list

14. On the VCS server, open a browser and enter the CA's certificate request address

15. Because of IE's default security settings, we need to allow active content and software with invalid signatures to run, in IE's options

16. At the same time, on the Security tab, add the CA's request URL to the Local intranet zone and set the security level to the lowest

17. Refresh the page and it can now be accessed normally. Because the VCS was built before the CA and has not been rebooted since (once the CA takes effect, computers joined to the domain trust it automatically), it still does not trust the CA even though the domain now has one, so we need to add the trust manually (this method also applies to PCs in a workgroup)

18. Download the CA certificate, which is used to establish the trust

19. Run MMC on the local computer, use Add/Remove Snap-in to add the Certificates snap-in for the computer account, and import the downloaded certificate into Trusted Root Certification Authorities

20. Return to the certificate request page and select Request a certificate

21. Select Advanced Certificate Request

22. Submit a request to the CA

23. Fill in the identifying information (this becomes the name on the certificate issued by the CA), and mark the key as exportable

24. The friendly name must be vdm, vdm, vdm! Important things get said three times!! Otherwise the VCS cannot be accessed and reports SSL errors

25. Because issuance was set to automatic earlier, click Install this certificate directly once the request has completed

26. Return to the MMC console and add the Certificates snap-in for the current user; the new certificate is installed in the current user's Personal store. Export it

27. Then import the exported certificate into the Personal store of the local computer and remove the self-signed certificate

28. Visiting now no longer reports that the certificate is not trusted. To replace the Composer certificate, in addition to the steps above, you also need to replace the certificate in Composer itself

29. First, on the Composer server, stop the Composer service

30. Use the cd command to go to Composer's installation directory, where you can see the sviconfig program

31. You can view the usage of this command with /?; replace the certificate with the ReplaceCertificate operation

32. Find the number of the certificate to use as the replacement, wait for the replacement to finish, then restart the Composer service, and the operation is complete.
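
A read-only check for the result of steps 24 to 28, as an added example that is not part of the original post: it lists the certificates in the local computer's Personal store whose friendly name is vdm and reports whether each one has a private key, chains to a trusted root, and carries an HTTP CRL location. It assumes an elevated PowerShell session on the View Connection Server; the output property names are chosen here.

```powershell
# Added example: post-replacement check on the View Connection Server.
# Read-only; it changes nothing in the certificate store.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'vdm' })

if ($certs.Count -ne 1) {
    # Step 27 removes the self-signed certificate; more than one match
    # means a duplicate is still present, zero means the name was not set.
    Write-Warning "Expected one certificate named 'vdm', found $($certs.Count)."
}

foreach ($cert in $certs) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # An online revocation check exercises the CRL location from steps 6 and 13.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chainOk = $chain.Build($cert)

    # CRL Distribution Points extension (OID 2.5.29.31), rendered as text.
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $cdpText = if ($cdp) { $cdp.Format($false) } else { '' }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        HasPrivateKey = $cert.HasPrivateKey
        NotAfter      = $cert.NotAfter
        ChainTrusted  = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        HttpCrlInCdp  = ($cdpText -match 'http://')
    }
}
```

A healthy result is a single row with SelfSigned False, HasPrivateKey True, ChainTrusted True and an empty ChainStatus.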


This article is from the "Rabbit-like rabbit sen Broken" blog; please be sure to keep this source: http://arkling.blog.51cto.com/2844506/1764758
