Shulou(Shulou.com)06/02 Report--

Install the domain controller section:

1. Modify computer name IP address

two。 Install the AD DNS role

Run the Server Wizard

3. Configure AD domain (selected domain name, it is recommended to be consistent in public network)

Install and configure the Certificate Authority section:

1. Run the server wizard to install the following certificate roles

Certificate authority

Certificate Authority Web enrollment

two。 Configure Certificate Authority, Enterprise Root CA

3. Configure Certificate Authority WEB enrollment

4. Add CRL partial access method (http recommends using non-80 ports. If you want to use 80 ports, please check with the operator if you need to apply for registration)

5. * * Authority attribute, add certificate AIA partial access method (http recommends using non-80 ports)

On 6.IIS, bind the port used by the certificate CRL.

7.Windows Advanced Firewall adds a policy that allows inbound ports used by the certificate CRL.

Configure the certificate as the enterprise root certificate considerations:

1. Add CRL http for certificate authority pay attention to modify the port, insert variables manually, and copy directly will cause crl to be inaccessible.

two。 Publish CRL

Free wildcard certificate (suitable for testing, one-year term):

1. Use online tools to generate certificate request files and private key files.

CSR generated address: https://csr.chinassl.net/generator-csr.html

Please save the Key file properly and download the CSR and Key files

two。 Log in to the wildcard certificate application website and apply for the certificate using the request file generated in the first step.

Https://assl.loovit.com/

3. Log in to the mailbox and confirm the application.

You need to copy the red line to the browser for confirmation.

4. Confirm the email address to which the certificate was sent.

5. Log in to the mailbox and save the certificate in the body of the message as a text file in .txt format.

1 to confirm the file requested by the certificate, step 3 uses the mail, which contains the certificate file.

The following part of the message is the certificate file, and you need to set the

-BEGIN CERTIFICATE-

-END CERTIFICATE-

This part is copied and saved as a .txt certificate file.

6. Certificate synthesis PFX file tool.

Https://www.myssl.cn/tools/merge-pfx-cert.html

1 the Key file needed for synthesis is the Key generated in the first step.

2 the certificate file needed for synthesis is the certificate file saved in 5 steps.

Free Aliyun single domain name certificate (one year term):

1. Log in to Aliyun Certificate Management backend

two。 Purchase a certificate.

3. Complete the certificate to be completed

4. Enter the domain name used

5. Enter the information required for the certificate. If it is a domain name purchased by Wanwang, check the middle part and use the system to generate CSR.

6. Just submit it for review.

7. After the examination and approval, download the relevant certificate files.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.