Failed migration of a Certificate Authority (CA) from Windows 2008R to Windows 2012 R2

Hello, dear reader,
I'm going to tell you about the nightmare I went through while moving a CA from Windows 2008R2 to Windows 2012 R2. There are plenty of articles on the Internet about this, and there shouldn't have been any problems.

To my regret, I'm not actually a Windows admin, I'm a *nix admin, but the CA migration task had been set, so it had to be done.

Below the cut, I'll tell you how I went through this process and ended up without a happy end.

Let's go...
Initial data:
Source - Windows 2008 R2 with a Root CA
Target - Windows 2012R2

I already had Windows 2012R2 installed and minimally configured.

Initially, the plan of action looked like this (abbreviated):
1) Make a backup of the CA + private key and copy it to a share common to both computers
2) Remove the target from the domain and change the IP
3) Take a snapshot of the server
4) Change the IP on the source
5) Go to the new Windows 2012R2 server as administrator - join it to the domain with the same name and assign the old IP.
6) Install the Active Directory Certificate Services role (CA, CA Web Enrollment, NDES, Online Responder)
7) Specify that this is an Enterprise CA
8) Restore the CA + private key from the backup
9) Happy End

Agree, nothing complicated. And I started carrying it out. In fact, there were no problems and everything went like clockwork... The service started, Certificate Templates appeared, and so did the certificates themselves. In general, everything was fine. So I went to sleep. In the morning there were no complaints about the CA, so I assumed everything was working and moved on to other tasks. While working on them, I needed a certificate. I created a .csr and followed the link vm_ca/certsvc to sign and receive the certificate, and at this stage an error occurred. Unfortunately, I didn't take a screenshot, but it said the user credentials did not match, plus some other errors. Well, here we are, I thought. I started googling, but unfortunately I found nothing intelligible.

In the evening we decided to remove the CA from Windows 2012R2 and install everything fresh, and here I made a mistake: instead of Enterprise CA, I chose the Standalone CA option (although I only learned of my mistake later). I did all the operations again and... everything went without errors - but when I select the Certificate Templates folder, I get Element not found, although if I choose Manage, the templates are in place.
I thought there weren't enough rights on these templates in CN=Certificate, so using ADSI Edit I granted Read to vm_ca$. I restarted CertSvc and... the result: Element not found.
Then I got upset, because it was 2 am... and the CA wasn't working. I shut down the Windows 2012R2 CA and restored the Windows 2008R2 CA VM from the snapshot. I rejoined the server to AD (because when I tried to log in with a domain account, an error occurred about the relationship between the server and AD).
Well, I thought... everything will be fine now, but alas... it's the same with the certificate templates - I get Element not found. I'll leave everything until morning - because the morning is wiser than the evening.
In the morning I googled and read various articles - I decided to reinstall the CA on the old server in the hope of solving the Element Not Found problem and the issuing of certificates via the web.

The procedure is very simple:
1) Remove the CA role
2) Reboot
3) Wait for the removal process to finish
4) Add the CA role (specify CA, CA Web Enrollment, NDES, Online Responder)
5) Specify that I have an Enterprise CA and that I have a private key
6) Wait for the installation to finish and restore everything from the backup made at the very beginning.
7) As usual, everything goes with a bang - no errors and the service has started

With a sinking heart, I click Certificate Templates - and... I was given the list - this is already a small victory. It remained to check that issuing a certificate via the Web works. I follow the link: vm_ca/certsvc, click Request a Certificate and then request an advanced certificate... I specify the csr request and receive the finished certificate. I exhale... It was possible to restore the CA.

Conclusions:
1) Be sure to make a backup and a snapshot
2) Write down your actions - this will help you restore everything or find the error quickly
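
One way to carry out step 1 of the plan and both conclusions on the source server, as an added example that is not from the original post: it backs up the CA database and private key with certutil, exports the CertSvc registry configuration, records whether the CA is Enterprise or Standalone, and logs every action with a timestamp. The path C:\CABackup and the helper Invoke-Step are assumptions made for illustration.

```powershell
# Added example: capture the source CA's state before migration.
# Run elevated on the old CA server. $BackupDir is a hypothetical path.
$BackupDir = 'C:\CABackup'
$ErrorActionPreference = 'Stop'
$caDir = Join-Path $BackupDir ('ca-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $caDir -Force | Out-Null
$log = Join-Path $BackupDir 'actions.log'

function Invoke-Step([string]$Name, [scriptblock]$Action) {
    # Timestamp every action so the run can be retraced later.
    Add-Content $log ('{0:s} START {1}' -f (Get-Date), $Name)
    $global:LASTEXITCODE = 0
    & $Action
    if ($LASTEXITCODE -ne 0) {
        Add-Content $log ('{0:s} FAIL  {1} (exit {2})' -f (Get-Date), $Name, $LASTEXITCODE)
        throw "$Name failed with exit code $LASTEXITCODE"
    }
    Add-Content $log ('{0:s} OK    {1}' -f (Get-Date), $Name)
}

# The CA type recorded here is what must be chosen again in the role wizard.
$cfgKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty $cfgKey).Active
$caType = (Get-ItemProperty (Join-Path $cfgKey $caName)).CAType
$typeNames = @{ 0 = 'Enterprise Root'; 1 = 'Enterprise Subordinate'
                3 = 'Standalone Root'; 4 = 'Standalone Subordinate' }

Invoke-Step 'record CA name and type' {
    Add-Content $log "CA name: $caName; CAType: $caType ($($typeNames[[int]$caType]))"
}
# certutil prompts for the password that protects the exported .p12 file.
Invoke-Step 'back up database and private key' { certutil -backup $caDir }
Invoke-Step 'export CertSvc registry configuration' {
    reg export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' (Join-Path $BackupDir 'CertSvc.reg') /y
}
Invoke-Step 'list templates published by this CA' {
    certutil -catemplates | Set-Content (Join-Path $BackupDir 'templates.txt')
}

# Refuse to continue the migration if the key or database backup is missing.
Invoke-Step 'verify backup artefacts' {
    if (-not (Get-ChildItem $caDir -Filter '*.p12')) { throw 'No .p12 key backup found' }
    if (-not (Test-Path (Join-Path $caDir 'DataBase'))) { throw 'No DataBase folder found' }
}
```

The .p12 file contains the CA private key, so restrict access to the backup folder and to the share it is copied to.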

P.S. I should try migrating the CA from Windows 2008R to Windows 2012R2 again.

Source: www.habr.com
