Windows AD Certificate Services Series: Certificate Publishing and Revocation (4)

Source: Internet
Author: User

Experiment: Configure an Online Responder

Lab Environment:

LON-DC1 Windows Server 2012 R2 172.16.0.10 AD + CA

LON-SVR2 Windows Server 2012 R2 172.16.0.24 Online Responder server


Experimental steps:

Log in to LON-SVR2 with the domain Administrator account and run the PowerShell command: Add-WindowsFeature ADCS-Online-Cert -IncludeManagementTools

Once the installation is complete, the role service still has to be configured: in the Server Manager panel, click "Configure Active Directory Certificate Services on the target server".

In the configuration wizard, keep the default domain administrator credentials, click Next, and select Online Responder.

Then follow the wizard and click Next until the configuration is complete.

After the Online Responder is configured, log on to LON-DC1, open the Certification Authority console, and open the Properties page for ADATUM-ISSUINGCA.

Switch to the Extensions tab, select the "Authority Information Access (AIA)" extension, add the URL http://LON-DC1/ocsp, and then tick "Include in the AIA extension of issued certificates" and "Include in the online certificate status protocol (OCSP) extension".

Once the settings are applied, you are prompted to restart Certificate Services; click "Yes".

When the service restart is complete, right-click "Certificate Templates" in the Certification Authority console and select "Manage".

Locate the OCSP Response Signing template, double-click it to open it, and on the Security tab grant Authenticated Users the Enroll permission.

After the modification, go back to the Certification Authority console to add the modified template to the Certificate Templates container: right-click "Certificate Templates" and select New > Certificate Template to Issue.

Then select the modified OCSP Response Signing template to add it to the templates the CA issues.

After the above setup is done, switch to LON-SVR2 and open the Online Responder Management console from Server Manager.

Right-click "Revocation Configuration" in the console and select "Add Revocation Configuration".

In the Add Revocation Configuration wizard, enter "ADATUMCA Online Responder" as the name of the revocation configuration.

On the step for selecting the CA certificate location, keep the default first option, because this lab is an AD domain environment, and click Next.

On the CA certificate selection page, click Browse, select the CA certificate ADATUM-ISSUINGCA, and then click Next.

On the signing certificate selection page, keep the default settings and click Next.

The wizard then starts setting up the revocation configuration.

After completing the wizard, the right panel of the Online Responder Management console shows a status description stating that ADATUMCA Online Responder is working, which confirms that our Online Responder has been set up successfully.
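
One way to check the result of the steps above from PowerShell on LON-DC1 (an added example, not part of the original article). The test certificate path is a hypothetical placeholder, and the template short name OCSPResponseSigning is assumed to be the default name of the OCSP Response Signing template.

```powershell
# Added verification sketch; run in an elevated PowerShell session on the CA (LON-DC1).
# $OcspUrl is the URL entered in the AIA step. $TestCert is a hypothetical path to a
# certificate issued by ADATUM-ISSUINGCA *after* Certificate Services was restarted.
param(
    [string]$OcspUrl  = 'http://LON-DC1/ocsp',
    [string]$TestCert = 'C:\Temp\test-after-ocsp.cer'   # assumed sample file
)

Import-Module ADCSAdministration

# 1. The CA must be configured to publish the URL as an OCSP location.
$aia = Get-CAAuthorityInformationAccess |
       Where-Object { $_.Uri -eq $OcspUrl -and $_.AddToCertificateOcsp }
if (-not $aia) { Write-Warning "CA is not publishing $OcspUrl as an OCSP location" }

# 2. The OCSP Response Signing template must be in the CA's list of templates to issue,
#    otherwise the responder cannot enroll for its signing certificate.
$tmpl = Get-CATemplate | Where-Object { $_.Name -eq 'OCSPResponseSigning' }
if (-not $tmpl) { Write-Warning 'OCSPResponseSigning is not published on this CA' }

# 3. Only certificates issued after the change carry the URL in their
#    Authority Information Access extension (OID 1.3.6.1.5.5.7.1.1).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $TestCert
$ext  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.5.5.7.1.1' }
$text = if ($ext) { $ext.Format($true) } else { '' }
if ($text -notmatch [regex]::Escape($OcspUrl)) {
    Write-Warning 'Test certificate has no matching OCSP URL; was it issued before the restart?'
}

# 4. Let CryptoAPI retrieve revocation information over the network, OCSP included,
#    and report whether each URL in the certificate could be fetched and verified.
certutil -verify -urlfetch $TestCert
```

Certificates issued before the AIA change keep their old extensions, so the last two checks are only meaningful for a certificate enrolled after Certificate Services was restarted.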

This article is from the "Dry Sea Sponge" blog, please be sure to keep this source http://thefallenheaven.blog.51cto.com/450907/1620091
