Mholo mfundi othandekayo,
Ndiza kukuxelela ngephupha elibi endahamba kulo ngokufuduka kwe-CA ukusuka kwi-Windows 2008R2 ukuya kwi-Windows 2012 R2. Kukho amanqaku amaninzi kwi-intanethi malunga noku kwaye akufuneki kubekho naziphi na iingxaki.
Ukuzisola kwam, andiyena ngokwenene uMlawuli weWindows, ndingumlawuli we-nix, kodwa umsebenzi wokufuduka kwe-CA wamiselwa - kufuneka wenziwe.
Ezantsi kokusikwa, ndiza kukuxelela indlela endihambe ngayo kule nkqubo kwaye ndaphela ndingenawo-HappyEnd.
Kwaye ke masihambe...
Idatha yokuqala:
Umthombo -IWindows 2008 R2 ene Root CA
Ekujoliswe kuko -IWindows 2012R2
Sele ndinayo iWindows 2012R2 efakiweyo kwaye iqwalaselwe kancinci.
Ekuqaleni, isicwangciso sokusebenza sasimi ngolu hlobo lulandelayo (izenzo ezifinyeziweyo):
1) Yenza i-Backup CA + iSitshixo saBucala kwaye uyikopishe kwisabelo esiqhelekileyo kuzo zombini iikhomputha
2) Susa ithagethi kwi-domain kwaye utshintshe i-IP
3) Yenza i-snapshot yomncedisi
4) Guqula i-IP kumthombo
5) Siya kwintsha Windows 2012R2 iseva njengomlawuli - yifake kwisizinda ngegama elifanayo kwaye unike i-IP endala.
6) Misela indima yeNkonzo yeSatifikethi seSatifikethi esiSebenzayo (i-CA, uBhaliso lweWebhu ye-CA, i-NDES, i-Online Responder)
7) Sibonisa ukuba le yi-Enterprise CA
8) Buyisela i-CA + iSitshixo saBucala kwi-backup
9) Isiphelo esivuyisayo
Vuma, akukho nto inzima. Ndaye ndaqalisa ukuyiphumeza. Enyanisweni, kwakungekho ngxaki kwaye yonke into yayihamba njenge-clockwork ... Inkonzo yaqala, iZifanekiso zeSatifikethi zavela kwaye iziqinisekiso ngokwazo zavela. Ngokubanzi, yonke into ilungile. Ndiye ndalala. Ekuseni kwakungekho zikhalazo malunga nomsebenzi we-CA kwaye ngoko ke ndacinga ukuba yonke into iyasebenza kwaye ndiqhubela phambili kweminye imisebenzi. Kwinkqubo yokuzisombulula, ndadinga isatifikethi. Ndenze i.csr kwaye ndalandela ikhonkco ukusayina kunye nokufumana isatifikethi kwaye ngeli nqanaba kwenzeke impazamo. Ngelishwa, andizange ndithathe umfanekiso weskrini, kodwa yathi ulwazi lomsebenzisi alufani kunye nezinye iimpazamo. Ewe, silapha, ndacinga. Ndaqalisa i-googling, kodwa ngelishwa andizange ndifumane nto iqondakalayo.
Ngokuhlwa sagqiba ekubeni sisuse i-CA Windows 2012R2 kwaye sifake yonke into entsha, kwaye emva koko ndenze impazamo; Ndenze yonke imisebenzi kwakhona ... yonke into yahamba ngaphandle kweempazamo - kodwa xa ndikhetha ifolda yeSatifikethi seSatifikethi, ndifumana i-Element ayifumanekanga, nangona ukuba ndikhetha uLawula, ke iitemplates zikhona.
Bendicinga ukuba akukho malungelo aneleyo ale CN=Izakhelo zeSatifikethi, ngoko ke usebenzisa i-ADSI Hlela ndinike iFunda ye-vm_ca$. Ndaphinda ndaqalisa i-CertSvc kunye... iziphumo: I-Element ayifunyenwanga.
Ndaye ndanombilini ngoba kwakungo 2 am... kwaye iCA yayingasebenzi. Ndicima i-CA Windows 2012R2 kwaye ndibuyisele i-VM CA Windows 2008R2 kwisnapshot. Ndibuyisela iseva kwi-AD (kuba xa ndizama ukungena nge-akhawunti yesizinda, ndifumana iphutha malunga nobudlelwane phakathi komncedisi kunye ne-AD).
Ewe, ndicinga ukuba ... yonke into iya kulunga ngoku, kodwa maye ... kusekho iZifanekiso zeSatifikethi ezifanayo - ndifumana i-Element ayifumanekanga. Ndiya kushiya yonke into kude kube kusasa - kuba kusasa kulumkile kunangokuhlwa.
Ngentsasa ndiye ndangena kwiGoogle ndaza ndafunda amanqaku ahlukeneyo-ndaye ndagqiba ekubeni ndibuyisele i-CA kwiseva endala ngethemba lokusombulula ingxaki ye-Element ayifunyenwanga kunye nokukhupha izatifikethi ngeWebhu.
Inkqubo ilula kakhulu:
1) Cima indima ye-CA
2) Ukulayisha ngaphezulu
3) Lindela ukuba inkqubo yokususa igqitywe
4) Yongeza indima ye-CA (chaza i-CA, i-CA Web Enroment, i-NDES, i-Online Responder)
5) Sibonisa ukuba ndine-Enterprise CA kwaye ndinesitshixo sabucala
6) Silindele ukufakwa kukugqiba kwaye ubuyisele yonke into kwi-backup esiyenzileyo ekuqaleni.
7) Njengesiqhelo, yonke into ihamba nge-bang - akukho ziphoso kwaye inkonzo iqalile
Ngentliziyo etshonayo, ndicofa kwiiMpawu zeSatifikethi - kwaye ... ndinikwe uluhlu - oku sele sele kuyimpumelelo encinci. Kuhlala ukujonga ukusebenza kokukhupha isatifikethi ngeWebhu. Ndilandela ikhonkco: kwaye ucofe ku Cela iSatifikethi kunye nesicelo sesatifikethi esiphezulu... Ndichaza isicelo se-csr kwaye ndifumane isatifikethi esele senziwe. Ndiyakhupha ... Kwakunokwenzeka ukubuyisela i-CA.
Izigqibo:
1) Qiniseka ukuba wenze i-backup kunye ne-snapshot
2) Bhala izenzo zakho - oku kuya kukunceda ukuba ubuyisele yonke into okanye ufumane impazamo ngokukhawuleza
Ps Kufuneka ndizame ukufuduka kwe-CA ukusuka kwi-Windows 2008R ukuya kwi-Windows 2012R2 kwakhona.
umthombo: www.habr.com