Upgrade Server 2008 - Internet Information Services (IIS), part 2
To install the Certificate Authority (CA), go back to Server Manager and choose Roles -> Add Roles.
In the Select Server Roles screen, select Active Directory Certificate Services.
In the Select Role Services screen, select two items: Certification Authority and Certification Authority Web Enrollment.
In this article I only examine the CA in a WORKGROUP environment, so in the Specify Setup Type window I choose Standalone.
Select Root CA.
Next, select Create a new private key.
Next, in the Configure CA Name window, give your CA a name. In this article I assume the name SERVER-CA.
Leave the Select Role Services screen at its default values.
After the CA installation is complete, go back to IIS and, in the IIS screen, click Server Certificates.
In the Server Certificates screen we see that there is only one default certificate, SERVER-CA.
Now we request a certificate for the Web Server by clicking Create Certificate Request.
In Distinguished Name Properties, enter the information for the certificate. Most of these values are up to you; only the Common name really matters, and it must be entered exactly, because it has to match the host name clients use to reach the site.
Since I am requesting a certificate for the site www.gccom.net, I enter www.gccom.net here.
In the Cryptographic Service Provider Properties screen, keep the default values.
In the File Name window, enter the path of the file to which the certificate request is written. In this example it is C:\gccom.txt.
The file gccom.txt now appears on drive C:\.
Open the file gccom.txt and copy its entire contents.
Next, go to the CA server's web site to request the certificate, and click Request a certificate.
[Screenshot: Microsoft Active Directory Certificate Services welcome page, http://192.168.1.1/certsrv/]
Click Advanced certificate request.
Next, click the second link below.
In the Saved Request field, paste the content copied from the file gccom.txt.
[Screenshot: certsrv console, Certification Authority (Local)\SERVER-CA\Pending Requests]
On the Web Server machine, go back to the CA's web page to check the status of the certificate and proceed to install it on the machine.
Click Saved-Request Certificate.
Click Download certificate.
In this article I save this file to C:\ under the name certnew.cer.
Go back to the Server Certificates screen in IIS and click Complete Certificate Request.
In the Specify Certificate Authority Response window, select the file certnew.cer and name this certificate Web GCC.
A new certificate now appears in the Server Certificates screen. This is the certificate for your website.
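Before binding it, the issued file can be checked against what was requested. The following PowerShell is an added example, not part of the original article; it uses the article's file name C:\certnew.cer, host name www.gccom.net and CA name SERVER-CA, and the 2048-bit key threshold is this example's own assumption.

```powershell
# Added example (not from the original article): check certnew.cer before binding.
# File, host and CA names are the ones used in this walkthrough.
$cerPath      = 'C:\certnew.cer'
$expectedHost = 'www.gccom.net'
$expectedCA   = 'SERVER-CA'
$minKeyBits   = 2048   # assumption of this example, not a value from the article

$x509     = 'System.Security.Cryptography.X509Certificates'
$cert     = New-Object "$x509.X509Certificate2" $cerPath
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$subject  = $cert.GetNameInfo($nameType, $false)   # subject common name
$issuer   = $cert.GetNameInfo($nameType, $true)    # issuer common name
$problems = @()

# The browser compares the subject name with the host in the URL.
if ($subject -ne $expectedHost) { $problems += "Subject CN '$subject' is not '$expectedHost'" }
if ($issuer -ne $expectedCA)    { $problems += "Issuer '$issuer' is not '$expectedCA'" }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}
if ($cert.PublicKey.Key.KeySize -lt $minKeyBits) {
    $problems += "Key is $($cert.PublicKey.Key.KeySize) bits, below $minKeyBits"
}

# The chain must end in a root this machine trusts. Revocation is skipped here
# because a standalone lab CA may not publish a reachable CRL.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($cert)) {
    $problems += "Chain: $($chain.ChainStatus | ForEach-Object { $_.Status })"
}

# After Complete Certificate Request the certificate must sit in the machine
# store together with the private key made by Create Certificate Request.
$installed = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) {
    $problems += 'Not found in Cert:\LocalMachine\My'
} elseif (-not $installed.HasPrivateKey) {
    $problems += 'Installed without a private key'
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    "OK: $subject issued by $issuer, valid until $($cert.NotAfter)"
}
```

Run it on the web server after Complete Certificate Request; a chain warning here predicts the certificate error a client will show if SERVER-CA is not in its Trusted Root store.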
Now I will configure SSL for the gccom.net site: right-click the GC Com Co site and choose Edit Bindings.
In the Add Site Binding window, select the https protocol under Type.
Under SSL certificate, select Web GCC.
[Screenshot: the Site Bindings screen after completion]
Now, from the Client machine, try accessing the gccom.net site over SSL; the access succeeds.
OK, that concludes my presentation of the Internet Information Services (IIS) section of the MCSA 70-648 and 70-649 exams.