Windows 2008 PKI Combat 1: Management

Source: Internet
Author: User
Tags new features strong password

Microsoft PKI has made many improvements in Windows Server 2008 and has added many features, the first of which is certificate lifecycle management, especially with regard to automatic registration of computers and user certificates. In Windows Server 2008, Certificate Lifecycle Management is enhanced by the use of certificate roaming new features. We will describe this feature later.

A more general practice for developers is to link the PKI infrastructure with the business applications of the company. A good example is the company's search for a smart card or strong identity to integrate into its own software. The new Certificate Enrollment application interface allows this functionality to be more smoothly integrated.

On the server side, enhancements to usability are reflected in the management and deployment of Certificate Services. There has also been a significant increase in certificate revocation, especially with regard to revocation checking.

Instance Environment

Here are some examples to illustrate:

We use a server named Sea-dc-01, which is a domain controller, a DNS server, and then we will demonstrate how to install the Active Directory Certificate Services role. As shown in Figure 1:

Demonstrate a PKI in Windows Server 2008

Windows Server 2008 contains the Add Roles Wizard. The Add Role Wizard can be used not only to install roles, it also contains the configuration of roles. The key configuration tasks that must be performed to make the role work correctly are part of the wizard. All configurations that show up in the Add Roles Wizard are safe by default and have the default smart optimizations for IT professionals. Our first step is to open the Server Manager. Server Manager displays all the different roles from the details. Currently, the Active Directory Domain service and the DNS server role are configured. What we are going to add today is Certificate Services. First we need to add IIS roles.

As a best practice, we should always assign a strong password to the administrator, set up a static IP, and ensure that the operating system has the latest security update applied.

We will select the Active Directory Certificate service, as shown in Figure 2. Our wizards will show personalized steps based on the roles we want to add.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.