域环境安装企业根CA
一、环境:在域环境下一台DC域控制器,IP地址:192.168.10.1
二、要求:安装企业根CA,申请一个用户证书
三、具体步骤:
在DC服务器先安装IIS,再安装证书服务。
![clip_image003[5]](https://s1.51cto.com/attachment/200904/20/545402_1240197035P4YI.jpg)
在Windows组件向导选择”证书服务“
![clip_image006[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197037oisW.jpg)
![clip_image008[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197040Apzb.jpg)
选择“企业根CA”
![clip_image011[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197042XGOk.jpg)
输入CA的公用名称,可以自定义
![clip_image014[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197043vhs8.jpg)
证书数据库保存路径
![clip_image016[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197045d7lO.jpg)
![clip_image018[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197049gbhi.jpg)
![clip_image020[4]](https://s1.51cto.com/attachment/200904/20/545402_124019705103dw.jpg)
点击“完成”证书服务安装成功。
![clip_image022[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197052Jr2M.jpg)
打开“证书颁发机构”
![clip_image025[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197053h4dI.jpg)
可以选择“停止证书服务”和“启动证书服务”
![clip_image027[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197054OfWM.jpg)
![clip_image029[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197059ASy5.jpg)
在客户端电脑打开IE,输入证书申请网站,用域帐号登入去申请用户证书
![clip_image031[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197061LI4m.jpg)
![clip_image033[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197063Su6c.jpg)
点击“提交”证书申请,因为是域环境,证书颁发机构会自动颁发证书
![clip_image035[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197065vFpt.jpg)
安装些证书
![clip_image037[4]](https://s1.51cto.com/attachment/200904/20/545402_124019706640U3.jpg)
![clip_image039[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197069swDG.jpg)
查看已颁发的证书
![clip_image041[4]](https://s1.51cto.com/attachment/200904/20/545402_1240197070RkIY.jpg)
转载于:https://blog.51cto.com/hukunlin/151497