After we have built the view environment, because of VCs and composer self-signed certificates, each visit always prompts the certificate is not trustworthy. Here's how to replace a self-signed certificate with a certificate issued by a CA.
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7F/15/wKioL1cTOarTUE4JAADpxnxhgP8797.png "title=" 0.png " alt= "Wkiol1ctoartue4jaadpxnxhgp8797.png"/>
1. Join a WINDOWS2008R2 server to the domain and let him become our CA server
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7F/15/wKioL1cTObqwytVDAACuB_ELpGk350.png "title=" 1.png " alt= "Wkiol1ctobqwytvdaacub_elpgk350.png"/>
2. Install the Active Directory Certificate service in the role
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/7F/15/wKioL1cTOdTi_-MmAADLJegDNqM438.png "title=" 2.png " alt= "Wkiol1ctodti_-mmaadljegdnqm438.png"/>
3. Check the certification authority and allow Web enrollment
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7F/15/wKioL1cTOeOxULHwAAC-hJ-N83g282.png "title=" 3.png " alt= "Wkiol1ctoeoxulhwaac-hj-n83g282.png"/>
4. Select Enterprise CA
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/7F/15/wKioL1cTOfSQ5WWPAAD9uN5gy5A924.png "title=" 4.png " alt= "Wkiol1ctofsq5wwpaad9un5gy5a924.png"/>
5. Select the root CA and keep the default configuration until the installation is complete
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/7F/18/wKiom1cTOUvwbJllAAEFlPJD7Gs476.png "title=" 5.png " alt= "Wkiom1ctouvwbjllaaeflpjd7gs476.png"/>
6. The default CRL distribution point is unable to access the revocation list through HTTP, we need to manually add
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7F/15/wKioL1cTOkSBqk4mAAE-KDb3OP0033.png "title=" 6.png " Style= "Float:none;" alt= "Wkiol1ctoksbqk4maae-kdb3op0033.png"/>
7. The same needs to be added in the Authority Access 650) this.width=650; "Src=" http://s2.51cto.com/wyfs02/M01/7F/18/ Wkiom1ctoyvrl97caafxkps7qkc627.png "title=" 7.png "style=" Float:none; "alt=" wkiom1ctoyvrl97caafxkps7qkc627.png "/ >
8. Allow automatic issuance of certificates in the policy module
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7F/18/wKiom1cTOY3Amee2AAE3Ji6gk1E157.png "title=" 8.png " Style= "Float:none;" alt= "Wkiom1ctoy3amee2aae3ji6gk1e157.png"/>
9. Click Manage in the certificate template to create a certificate template for view
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7F/15/wKioL1cTOkrAmjJkAACi6H5u96I062.png "title=" 9.png " Style= "Float:none;" alt= "Wkiol1ctokramjjkaaci6h5u96i062.png"/>
10. Select Copy Web Server template when creating and modify it to be a new view template
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7F/15/wKioL1cTOkzSJVExAAEeJsypF3A297.png "title=" 10.png "Style=" Float:none; "alt=" Wkiol1ctokzsjvexaaeejsypf3a297.png "/>
11. In the request processing note to check the Allow to export the private key
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7F/18/wKiom1cTOZLyKqpOAAEeTaw-E5k879.png "title=" 11.png "Style=" Float:none; "alt=" Wkiom1ctozlykqpoaaeetaw-e5k879.png "/>
12. In return to the certificate template, select New to add the template that just created the view
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7F/15/wKioL1cTOk-zauaiAACKXZa4C5I407.png "title=" 12.png "Style=" Float:none; "alt=" Wkiol1ctok-zauaiaackxza4c5i407.png "/>
13. Publish a revocation List
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/7F/18/wKiom1cTOZbQSGhQAAETDhivKQU641.png "title=" 13.png "Style=" Float:none; "alt=" Wkiom1ctozbqsghqaaetdhivkqu641.png "/>
14. Go to the VCS server and enter the certificate request address
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/7F/18/wKiom1cTOZeTblLuAADcOiX_Y3E985.png "title=" 14.png "Style=" Float:none; "alt=" Wkiom1ctozetblluaadcoix_y3e985.png "/>
15. Due to IE's default security settings, we need to allow active content and invalid signature software to run in IE's program
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/7F/18/wKiom1cTOZqSHH8CAAEj4ROZ5WY868.png "title=" 15.png "Style=" Float:none; "alt=" Wkiom1ctozqshh8caaej4roz5wy868.png "/>
16. At the same time, add the CA's request URL to the local intranet in security and minimize the security level
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7F/18/wKiom1cTOZzg-sRVAADlI48o0vs540.png "title=" 16.png "Style=" Float:none; "alt=" Wkiom1ctozzg-srvaadli48o0vs540.png "/>
17. Refresh the page again to access it normally. Since VCs was created before the CA, there is no reboot (after the CA takes effect, the computer that is joined to the domain automatically trusts), even if there is a CA in the domain now but he still has no trust, we need to manually add the trust (this method also applies to the PC in the workgroup)
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7F/15/wKioL1cTOlnzCol4AAB4xe9kKNc459.png "title=" 17.png "Style=" Float:none; "alt=" Wkiol1ctolnzcol4aab4xe9kknc459.png "/>
18. Download the CA certificate, which is used to do the trust
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7F/18/wKiom1cTOZ_BrGXgAABIRnxjG2k190.png "title=" 18.png "Style=" Float:none; "alt=" Wkiom1ctoz_brgxgaabirnxjg2k190.png "/>
19. Run MMC on the local computer, add the computer account that selected the certificate in the Delete snap-in, import the downloaded certificate to the trusted root certification authority
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7F/18/wKiom1cTOaCD55SDAAC6QvinHBM843.png "title=" 19.png "Style=" Float:none; "alt=" Wkiom1ctoacd55sdaac6qvinhbm843.png "/>
20. Return to the Application page and select the certificate request
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7F/18/wKiom1cTOaKiwfWPAACBv3mN7lM667.png "title=" 20.png "Style=" Float:none; "alt=" Wkiom1ctoakiwfwpaacbv3mn7lm667.png "/>
21. Select Advanced Certificate Request
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7F/18/wKiom1cTOaLiqblWAAAvoRoMhBM728.png "title=" 21.png "Style=" Float:none; "alt=" Wkiom1ctoaliqblwaaavoromhbm728.png "/>
22. Submit a request to the CA
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7F/18/wKiom1cTOaOwpTynAABQyjYegVk501.png "title=" 22.png "Style=" Float:none; "alt=" Wkiom1ctoaowptynaabqyjyegvk501.png "/>
23. Fill in the identification information (this information is the name of the certificate issued by the CA), and mark the key to export
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7F/18/wKiom1cTOaTjqCQiAABfvZMX6a8364.png "title=" 23.png "Style=" Float:none; "alt=" Wkiom1ctoatjqcqiaabfvzmx6a8364.png "/>
24. Several names must be written vdm,vdm,vdm! Important thing to say three times!! Otherwise, the VCS will not be able to access and report SSL errors
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/7F/18/wKiom1cTOaSDf-XlAAA00EKCE6U983.png "title=" 24.png "Style=" Float:none; "alt=" Wkiom1ctoasdf-xlaaa00ekce6u983.png "/>
25. Since the previous set is the automatic method, so after the application finished directly click on the installation certificate
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7F/15/wKioL1cTOmGR-RGoAAAy-fUVqEc397.png "title=" 25.png "Style=" Float:none; "alt=" Wkiol1ctomgr-rgoaaay-fuvqec397.png "/>
26. Return to the Administrative Control unit of MMC add the current user information for the certificate, and we will see that the new certificate is installed in the current user's personal certificate, exporting him
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/7F/15/wKioL1cTOmLBecSIAADc-ygYIb8977.png "title=" 26.png "Style=" Float:none; "alt=" Wkiol1ctomlbecsiaadc-ygyib8977.png "/>
27. Then import the exported certificate into the personal certificate of the local computer and remove the self-signed certificate
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7F/18/wKiom1cTOajwXtbmAACXhEmEVVs133.png "title=" 27.png "Style=" Float:none; "alt=" Wkiom1ctoajwxtbmaacxhemevvs133.png "/>
28. At this time to visit, will not report the certificate is not trustworthy,Composer Certificate replacement method in addition to the above, you also need to replace the certificate
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/7F/15/wKioL1cTOmTz3l4xAABj1j200rg072.png "title=" 28.png "Style=" Float:none; "alt=" Wkiol1ctomtz3l4xaabj1j200rg072.png "/>
29. First go to the composer server to stop the composer service
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/7F/15/wKioL1cTOmWg1_WiAACRQUrYUvM266.png "title=" 29.png "Style=" Float:none; "alt=" Wkiol1ctomwg1_wiaacrquryuvm266.png "/>
30. Use the CD command to go to the installation directory of composer, and you can see a sviconfig program
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/7F/15/wKioL1cTOmexOz8vAACgxSFMihw322.png "title=" 30.png "Style=" Float:none; "alt=" Wkiol1ctomexoz8vaacgxsfmihw322.png "/>
31. You can view the usage of this command by/?, replace the certificate with Replacecertificatates
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/7F/15/wKioL1cTOmiR8aSEAACIRkSCpCA212.png "title=" 31.png "Style=" Float:none; "alt=" Wkiol1ctomir8aseaacirkscpca212.png "/>
32. Find the way to replace the number of the certificate, wait for the replacement to restart the composer service, and the operation is complete.
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7F/18/wKiom1cTOa3DI6qwAAB5-EaATPo253.png "title=" 32.png "Style=" Float:none; "alt=" Wkiom1ctoa3di6qwaab5-eaatpo253.png "/>
This article from "Rabbit-like rabbit sen Broken" blog, please be sure to keep this source http://arkling.blog.51cto.com/2844506/1764758
View6.2 replacing VCs and composer server certificates