安装OCS遇到的证书问题
来源:互联网 发布:美拍怎么放淘宝链接 编辑:程序博客网 时间:2024/06/02 03:40
先要安装证书服务
http://technet2.microsoft.com/windowsserver/en/library/4ffc15cf-f42f-43db-8eb9-fcd8c3102d621033.mspx?mfr=true
Install a stand-alone root certification authority
To install a stand-alone root certification authority
1.
Log on to the system as an Administrator, or if you have the Active Directory directory service, log on to the system as a Domain Administrator.
2.
Click Start, point to Settings, and then click Control Panel.
3.
Double-click Add or Remove Programs and then click Add/Remove Windows Components.
4.
In the Windows Components Wizard, select the Certificate Services check box. A dialog box appears to inform you that the computer cannot be renamed and that the computer cannot be joined to or removed from a domain after Certificate Services is installed. Click Yes, and then click Next.
5.
Click Stand-alone root CA.
6.
(Optional) Select the Use custom settings to generate the key pair and CA certificate check box, and then click Next to specify the following.
To set this Do thisCryptographic service provider (CSP)
In CSP, click the CSP that you want to use. The default is the Microsoft Strong Cryptographic Provider. Certificate Services does support third party CSPs, but you must refer to the CSP vendor's documentation for information about using their CSP with Certificate Services.
Hash algorithm
In Hash algorithm, click the hash algorithm you want to use. The default is SHA-1.
Use an existing key
Select the Use existing key check box, click Import, and then, in Open PFX File, type the file name and password of the public and private key pair. This is helpful if you are relocating or restoring a previously installed certification authority (CA). Note that, when using an existing key, a new certificate is generated.
Important
•Be sure that you select an existing key that you know to be uncompromised and trustworthy. Using a key that may be compromised or untrusted could cause this CA and all its issued certificates to be insecure.
Key length
In Key length, type or select a key length. The default key length using the Microsoft Strong Cryptographic Provider is 2048 bits. Default key lengths for other CSPs vary. In general, the longer the key length, the more secure the key is. Also, longer key lengths require more system resources for operations such as signing, encryption, and chain verification. For a root CA, you should use a key length of at least 2048 bits. This option is not available if you use existing keys.
Allow this CSP to interact with the desktop
Select the Allow this CSP to interact with the desktop check box. Without this option, system services cannot interact with the desktop of the user who is currently logged on.
Import
Click Import. This imports an existing key in the PKCS #12 PFX format.
View certificate
Click View certificate. This allows you to view the certificate that you select or generate during installation.
When you are done, click Next.
7.
Type the common name of the certification authority. None of this information can be changed after the CA setup is complete.
8.
In Validity period, specify the validity duration for the root CA. See the note below about considerations when setting this value. Click Next.
9.
Specify the storage locations of the certificate database, the certificate database log, and the shared folder. Click Next.
10.
If Internet Information Services (IIS) is running, you will receive a request to stop the service before proceeding with the installation. Click OK.
11.
If prompted, type the path to the Certificate Services installation files.
Notes
•To open a Control Panel item, click Start, click Control Panel, and then double-click the appropriate icon.
•If Active Directory is available and you have Write permission to Active Directory, then specifying the shared folder is optional.
•If Active Server Pages are not enabled through Internet Information Services, you will be prompted to activate them. The Web interface for the certification authority requires running Active Server Pages.
•The validity duration you choose for the CA will determine when the CA "expires." For information about renewing CAs, see Related Topics.
•To open Add/Remove Windows Components, click Start, click Control Panel, double-click Add or Remove programs, and then click Add/Remove Windows Components.
•For more information on any installation settings, see Related Topics.
Information about functional differences
Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web .
颁发证书给挂起的请求
发了一个pending request,需要颁发证书之后才可以用。于是。。。
Certificate Authority在中文版里边翻译成了 证书颁发机构
http://www.microsoft.com/technet/prodtechnol/office/livecomm/library/confcerts/lcscon_8.mspx
Step 1d: To install the certificate on the computer
If your CA requires CA administrator approval to issue a certificate, the administrator must manually approve or deny the certificate issuance request on the issuing CA. Otherwise, click Install this certificate and in the Potential Scripting Violation dialog box, click Yes.
To manually approve a certificate issuance request after the request is made
1.
Log on to the enterprise subordinate CA server with Domain Admins credentials.
2.
Click Start, click Run, type mmc, and then press ENTER.
3.
On the File menu, click Add / Remove Snap-in.
4.
Click Add.
5.
In Add Standalone Snap-in, click Certification Authority, and then click Add.
6.
In Certification Authority, accept the default option, Local computer (the computer this console is running on).
7.
Click Finish.
8.
Click Close and then click OK.
9.
In the MMC, expand Certification Authority, expand your issuing certificate server.
10.
Click Pending request.
11.
In the details pane, right-click the request identified by its request ID, point to All Tasks, and then click Issue.
12.
On your server from which you requested the certificate, click Start, and then click Run.
13.
Type http://<name of your Issuing CA Server>/certsrv and click OK.
14.
From Select a task, click View the status of a pending certificate request.
15.
From View the Status of a Pending Certificate Request, click your request.
16.
Click Install this certificate.
- 安装OCS遇到的证书问题
- win2003安装证书服务中遇到的问题
- 解决OCS Inventory安装后的警告
- app开发 关于证书遇到的问题
- 开发者证书遇到的一些问题
- 单点登录生成证书遇到的问题
- OCS Inventory 安装
- ocs-server 安装过程
- ocs-agent 安装过程
- linux下tomcat7配置startssl证书遇到的问题总结
- 真机调试遇到的一个证书问题以及解决办法
- 遇到“此网站的安全证书有问题”怎么办
- 证书签发工具程序编译遇到的问题及处理
- ios https访问自建证书时遇到的问题
- Tomcat配置SSL证书遇到的各种问题
- iOS证书与推送通知证书制作过程遇到的问题
- 极好的OCS博客
- 安装vs2005遇到的问题
- 用SQl Navigator5.5进行数据库开发的版本控制
- 浏览器首页被修改成不能再修改的怎么办?
- 体会_.NET_WebForm_文件操作
- 在ASP.NET中自动给URL地址加上超链接
- UNIX痛恨者手册
- 安装OCS遇到的证书问题
- 小技巧--进入PL/SQL DEVELOPER时自动切换到My objects
- 三个API函数可以运行可执行文件
- javascript实用代码大全(一)超经典★★★★★
- 软件即服务——让CRM抛弃软件
- JavaScript实用技巧集锦
- IT才市最看重的12项技能
- 用C实现字符串replace函数, 真累, 差点整不出来
- C#实现将字符串作为表达式运算