The impossible migration of a Certificate Authority (CA) from Windows 2008 R2 to Windows 2012 R2

Good day, dear readers,
I'm going to tell you about the horrors I went through while migrating a CA from Windows 2008R2 to Windows 2012 R2. There are plenty of articles on the internet about this, and there shouldn't be any problems.

To my regret, I'm not really a Windows admin, I'm more of a *nix person, but the CA migration task was assigned, so it had to be done.

Under the cut, I'll tell you how I went through this process and ended up with a Not-Happy-End.

So let's go...
Starting point:
Source - Windows 2008 R2 with the Root CA
Target - Windows 2012R2

I already had Windows 2012R2 installed and lightly configured.

Initially, the plan of action was as follows (abbreviated):
1) Make a backup of the CA + private key and copy it to a share common to both machines
2) Remove the target from the domain and change its IP
3) Take a snapshot of the server
4) Change the IP on the source
5) Log in to the new Windows 2012R2 server as administrator, join it to the domain under the same name and assign it the old IP.
6) Install the Active Directory Certificate Service role (CA, CA Web Enrollment, NDES, Online Responder)
7) Specify that this is an Enterprise CA
8) Restore the CA + private key from the backup
9) Happy End

You'll agree, nothing complicated. So I started carrying it out. In fact, there were no problems and everything went like clockwork... The service started, the Certificate Templates showed up and so did the certificates. In general, everything was fine. So I went to bed. In the morning there were no complaints about the CA, so I decided everything was working and moved on to other tasks. While working on them, I needed a certificate. I generated a .csr and followed the link vm_ca/certsvc to sign it and receive a certificate, and at this point an error occurred. Unfortunately, I didn't take a screenshot, but it said something about user data and some other errors. Well, here we are, I thought. I started googling, but unfortunately I found nothing intelligible.

In the evening we decided to remove the CA on Windows 2012R2 and install everything afresh, and then I made a mistake: instead of Enterprise CA, I chose the Standalone CA option (although I only learned about my mistake later). I went through all the steps again... everything went without errors, but when I select the Certificate Templates folder, I get Element not found, although if I choose Manage, the templates are in place.
I figured there weren't enough rights on CN=Certificate Templates, so using ADSI Edit I granted Read to vm_ca$. I restarted CertSvc and... the result: Element not found.
Then I got sad, because it was 2 am... and the CA wasn't working. I shut down the CA on Windows 2012R2 and restore the Windows 2008R2 CA VM from the snapshot. I rejoin the server to AD (because when I try to log in with a domain account, I get an error about the relationship between the server and AD).
Well, I think... everything will be fine now, but alas... the Certificate Templates are still the same - I get Element not found. I left everything until morning, because the morning is wiser than the evening.
In the morning I looked around and read various articles, and decided to reinstall the CA on the old server in the hope of solving the Element Not Found problem and of issuing certificates through the web interface.

The procedure is simple:
1) Remove the CA role
2) Reboot
3) Wait for the removal process to finish
4) Add the CA role (select CA, CA Web Enrollment, NDES, Online Responder)
5) Specify that I have an Enterprise CA and that I have the private key
6) Wait for the installation to finish and restore everything from the backup we made at the beginning.
7) As usual, everything goes with a bang - no errors and the service started

With a sinking heart, I click on Certificate Templates, and... I am given the list - this is a small victory. It remains to check how certificate issuance works through the web interface. I follow the link vm_ca/certsvc, click Request a certificate and then advanced certificate request... I supply the .csr request and receive the generated certificate. I exhale... I managed to restore the CA.

Conclusions:
1) Be sure to make backups and a snapshot
2) Write down your actions - this will help you roll everything back or find the error quickly

P.S. I'll have to try the CA migration from Windows 2008 R2 to Windows 2012R2 again.
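
The backup step from the plan and the checks that would have caught both failures before going to bed (CA type and template listing), as an added example that is not part of the original post. The share path and log file location are placeholders; the script only wraps `certutil` and `reg` and appends each step with its exit code to a log, in the spirit of conclusion 2.

```powershell
# Added example, not from the original post. $BackupDir is a placeholder share.
param(
    [ValidateSet('Backup', 'Verify')] [string]$Mode = 'Verify',
    [string]$BackupDir = '\\fileserver\ca-migration'
)
$regPath = 'SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$log     = Join-Path $env:TEMP 'ca-migration-steps.log'   # assumed log location

# Run one step, show its output, and record timestamp, host, step and exit code.
function Invoke-Step([string]$Name, [scriptblock]$Action) {
    $global:LASTEXITCODE = 0
    & $Action | Out-Host
    $line = '{0}  {1}  {2}  exit={3}' -f (Get-Date -Format s), $env:COMPUTERNAME, $Name, $LASTEXITCODE
    Add-Content -Path $log -Value $line
    if ($LASTEXITCODE -ne 0) { throw "Step failed: $Name (see $log)" }
}

if ($Mode -eq 'Backup') {
    # CA database, CA certificate with private key (certutil asks for a password
    # to protect the PFX), and the CertSvc configuration from the registry.
    Invoke-Step 'backup database'    { certutil -backupDB  "$BackupDir\db" }
    Invoke-Step 'backup private key' { certutil -backupKey "$BackupDir\key" }
    Invoke-Step 'export registry'    { reg export "HKLM\$regPath" "$BackupDir\certsvc.reg" /y }
    return
}

# Verify: CA type first. Templates are used only by an Enterprise CA, so a
# Standalone value here is the mistake described in the post.
$active  = (Get-ItemProperty "HKLM:\$regPath").Active
$caType  = (Get-ItemProperty "HKLM:\$regPath\$active").CAType
$typeMap = @{ 0 = 'Enterprise Root'; 1 = 'Enterprise Subordinate'
              3 = 'Standalone Root'; 4 = 'Standalone Subordinate' }
Add-Content -Path $log -Value ("{0}  {1}  CAType={2} ({3})" -f (Get-Date -Format s), $env:COMPUTERNAME, $caType, $typeMap[$caType])
if ($caType -gt 1) { throw "CA '$active' is $($typeMap[$caType]), not Enterprise" }

if ((Get-Service CertSvc).Status -ne 'Running') { throw 'CertSvc is not running' }
Invoke-Step 'ping CA'        { certutil -ping }
Invoke-Step 'list templates' { certutil -CATemplates }
Write-Host "CA '$active' passed the checks; steps recorded in $log"
```

Run it with `-Mode Backup` on the source before touching anything, and with `-Mode Verify` on whichever server holds the CA role after each restore; a test enrollment through the web page is still worth doing straight away rather than the next day.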

Source: www.habr.com
