<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8">
<title>Windows Server 2003 CA Configuration (Part 1)</title>
</head>
<body>
<div id="pf1" class="pf w0 h0" data-page-no="1">
<h1>Windows Server 2003 CA Configuration (Part 1)</h1>
<p>CA (Certificate Authority, also called a certification authority or certificate issuing authority) is the trusted third-party entity in a PKI. It is responsible for certificate management tasks such as issuing, revoking, updating and renewing certificates, and for several other important tasks such as publishing CRLs and logging events. The flow is as follows. First, the subject issues a certificate request. Normally the subject generates the key pair itself, although the CA can sometimes perform this step; the subject then submits a certificate request containing its public key to the CA and waits for approval. When the CA receives the subject's certificate request it must verify the requester's identity. Once the identity is verified, the CA can accept the request, sign it, and generate a valid certificate. Finally, the CA distributes the certificate so that the requester can use it. CRL: the list of certificates that the CA has revoked.</p>
<p>A Windows-based CA supports four types:</p>
<ul>
<li><b>Enterprise root CA:</b> the top-level CA in the certificate hierarchy. An enterprise root CA requires AD. It signs its own CA certificate and uses Group Policy to publish that certificate to the Trusted Root Certification Authorities store of every server and workstation in the domain. Usually an enterprise root CA does not directly issue user and computer certificates, but it is the foundation of the certificate hierarchy.</li>
<li><b>Enterprise subordinate CA:</b> an enterprise subordinate CA must obtain its CA certificate from another CA (the parent CA). It requires AD. Use an enterprise subordinate CA when you want to use AD, certificate templates and smart card logon on computers running Windows XP and Windows Server 2003.</li>
<li><b>Stand-alone root CA:</b> the top-level CA in the certificate hierarchy. A stand-alone root CA may or may not be a domain member, so it does not require AD; however, if AD is present it will be used to publish certificates and certificate revocation lists. Because a stand-alone root CA does not need AD, it can easily be disconnected from the network and placed in a secure area, which is very useful when creating a secure offline root CA.</li>
<li><b>Stand-alone subordinate CA:</b> a stand-alone subordinate CA must obtain its CA certificate from another CA (the parent CA). It may or may not be a domain member, so it does not require AD; however, if AD is present it will be used to publish certificates and certificate revocation lists.</li>
</ul>
<p>Next, we deploy the CA.</p>
</div>
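<p>The lifecycle described above (subject generates a key pair and submits a request carrying its public key, the CA signs it, a subordinate CA obtains its own certificate from a parent CA, and the CA publishes a CRL of revoked serials) as an added example that is not part of the original page and not Windows Certificate Services code. It assumes the third-party Python <code>cryptography</code> package is installed; the CA and subject names ("Example Root CA", "Example Issuing CA", "alice") are constructed for the example. Identity vetting of the requester, which the text says the CA must do before signing, is deliberately left outside the code since it is an administrative step.</p>

```python
# Added example (not from the original page): the CA lifecycle described in the
# text, modelled with the third-party `cryptography` package (assumed installed).
# A self-signed root CA issues a subordinate CA certificate, the subordinate signs
# an end-entity request and then publishes a CRL that revokes that certificate.
# All names ("Example Root CA", "Example Issuing CA", "alice") are constructed.
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

ONE_DAY = datetime.timedelta(days=1)


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def _validity(days):
    now = datetime.datetime.now(datetime.timezone.utc)
    return now - ONE_DAY, now + days * ONE_DAY


def make_root_ca(common_name):
    """Root CA: generates its own key pair and signs its own CA certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    not_before, not_after = _validity(3650)
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(common_name))
        .issuer_name(_name(common_name))  # issuer == subject: self-signed
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(not_before)
        .not_valid_after(not_after)
        .add_extension(x509.BasicConstraints(ca=True, path_length=1), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def make_request(common_name):
    """Subject side: generate the key pair and a CSR carrying only the public key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    csr = x509.CertificateSigningRequestBuilder().subject_name(_name(common_name))
    return key, csr.sign(key, hashes.SHA256())


def issue_certificate(issuer_key, issuer_cert, csr, is_ca, days):
    """CA side: check the CSR's own signature (proof the requester holds the
    private key), then sign a certificate naming this CA as the issuer."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify")
    not_before, not_after = _validity(days)
    constraints = x509.BasicConstraints(ca=is_ca, path_length=0 if is_ca else None)
    return (
        x509.CertificateBuilder()
        .subject_name(csr.subject)
        .issuer_name(issuer_cert.subject)
        .public_key(csr.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(not_before)
        .not_valid_after(not_after)
        .add_extension(constraints, critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def build_crl(issuer_key, issuer_cert, revoked_serials):
    """CA side: publish the list of serial numbers this CA has revoked."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer_cert.subject)
        .last_update(now)
        .next_update(now + ONE_DAY)
    )
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now)
        builder = builder.add_revoked_certificate(entry.build())
    return builder.sign(issuer_key, hashes.SHA256())


def signed_by(cert, issuer_cert):
    """Relying party: does the issuer's public key verify this certificate's signature?"""
    try:
        issuer_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            padding.PKCS1v15(), cert.signature_hash_algorithm,
        )
        return True
    except InvalidSignature:
        return False


def is_revoked(crl, cert):
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None


def run_lifecycle():
    """Root -> subordinate -> end entity -> CRL; returns the checks a relying party makes."""
    root_key, root_cert = make_root_ca("Example Root CA")
    sub_key, sub_csr = make_request("Example Issuing CA")
    sub_cert = issue_certificate(root_key, root_cert, sub_csr, is_ca=True, days=1825)
    _alice_key, alice_csr = make_request("alice")
    alice_cert = issue_certificate(sub_key, sub_cert, alice_csr, is_ca=False, days=365)
    crl_empty = build_crl(sub_key, sub_cert, [])
    crl_revoked = build_crl(sub_key, sub_cert, [alice_cert.serial_number])
    return {
        "root_self_signed": signed_by(root_cert, root_cert),
        "sub_signed_by_root": signed_by(sub_cert, root_cert),
        "alice_signed_by_sub": signed_by(alice_cert, sub_cert),
        "alice_signed_by_root": signed_by(alice_cert, root_cert),  # wrong issuer: False
        "crl_signed_by_sub": crl_revoked.is_signature_valid(sub_cert.public_key()),
        "revoked_before_publication": is_revoked(crl_empty, alice_cert),
        "revoked_after_publication": is_revoked(crl_revoked, alice_cert),
    }


if __name__ == "__main__":
    for check, result in run_lifecycle().items():
        print(f"{check}: {result}")
```

<p>Two points worth noticing match the text: the subordinate CA's own certificate comes from the parent (root) CA rather than being self-signed, so a relying party that trusts only the root can still validate "alice" by walking the chain; and revocation is only visible to a relying party once the CA has published a CRL containing the serial, which is why the hierarchy needs a reachable CRL publication point even when the root itself is kept offline.</p>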
</body>
</html>