How to set up CA server on server 2012

最新推荐文章于 2025-11-16 18:19:15 发布
原创 最新推荐文章于 2025-11-16 18:19:15 发布 · 540 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#ca #server

本文详细介绍在Windows Server 2012环境下安装配置证书颁发机构(CA)服务器的过程,包括安装环境要求、步骤详解及常见问题解答,如禁用挑战密码等。

1.      Installationenvironment

(1)   windows edition: windows server 2012 standard

(2)   System type: 64-bit Operating system, x64-basedprocessor

(3)   Processor: Intel(R) Xeon(R) CPU E5620 @2.40GHz2.39GHz

(4)   Installed memory(RAM): 8.00G

2.      installCA server

(1)     open the Server Manager->select Dashboard->clickAdd roles and features->next

(2)     select Role-based or feature-basedinstallation->next

(3)     select a server from the server pool->next

(4)     select Active Directory Services->next

(5)     select .Net Framework3.5 Features->next->next

(6)     select CertificationAuthority&&Certification Authority Web Enrollment->next

(7)     click Add features->Addfeatures->next->next

(8)     select Web server in roles services->next

(9)     click install

3.      configureCA server

(1)     click the yellow flag on the title->clickConfigure Active Directory Certificate Services

(2)     select Credentials -> next

(3)     select Certification Authority&& CertificationAuthority Web Enrollment ->next

(4)     select standalone-CA -> next

(5)     select root-CA -> next

(6)     select create new private key ->next

(7)     set the Key length->next

(8)     set CA-name ->next

(9)     set term of validity->next

(10)  setthe location of CA database ->next

(11)  selectWindows integrated authentication->next->next

(12)  clickconfigure

(13)  complete

(14)  visitthe URL “IP/certsrv/”, confirm installation success.

4.      installNDES(SECP)

the process is similar to CA server.

5.      FAQ

(1)   How to disable the challenge password?

1)     Click Start enter regedit in the search bar.

2)     Navigate to Computer > HKEY_LOCAL_MACHINE> SOFTWARE > Microsoft > Cryptography > MSCEP > EnforcePassword.

3)     Ensure that the EnforcePassword valueis set to 0 (the default value is 1).

(2)   How to set static challenge password?

1)     Ensure that the UseSingle Password valueis set to 0 (the default value is 1).

(3)   How to set the Valid date of CA Certificate?

1)   click the following registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

2)   In the right pane,double-click ValidityPeriod.

3)   In the Value data box,type one of the following, and then click OK:

4)   Days/Weeks/Months/Years

5)   In the right pane,double-click ValidityPeriodUnits.

6)   In the Value data box, type the numericvalue that you want, and then click OK. For example, type 2.

Restart CA server.
How to Install and Configure GitLab on Ubuntu 18.04 LTS
liangtianmeng的专栏
01-06 1624
GitLab is an open source GIT repository manager based on Rails and developed by GitLab Inc. It is a web-based GIT repository manager that allows your team to work on code, perform feature requests, track bugs, and test and implement applications. GitLab pr
How to install Apache Superset Docker Image on Linux CentOS7 that without internet
BigDataSmallTeam 大数据小团队--蒙昭良的博客
03-16 3985
Step 1: Login Linux and check the CentOS version [root@bigdatasmallteam ~]# whoami root [root@bigdatasmallteam ~]# free total used free shared buff/cache available Mem: 16247588 1266648 11102236 27416
How to set up OCSP server
crystalyangbjut的博客
03-27 720
How to set up OCSP server using openssl
How to Set Up SSL on IIS 7
Angelo Lee's Blog
11-17 713
Introduction The steps for configuring Secure Sockets Layer (SSL) for a site are the same in IIS 7 and IIS 6.0, and include the following: Get an appropriate certificate. Create an HTTPS binding
How To: Set Up SSL on a Web Server
tiantian1980的专栏
01-05 859
.NET Framework SecurityBuilding Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication  How To: Set Up SSL on a Web ServerJ.D. Meier, Alex Mackman, Michael Du
How to set up a simple mail server on Debian in 5 easy steps
玄冰幽阁
09-25 2679
This tutorial will take you through the steps of setting up and configuring a simple mail server(SMTP, POP3, IMAP) on Debian/Linux. The instructions will be given for Debian, but they can be adapted q
How to Install FreeIPA Server with Docker on Debian 12
allway2的博客
11-16 673
curl \gnupg \git \echo \apt updatesystemctlenableddockerbob' to the 'docker' group.bobsu - bobbobbobgitlsls'.Once the ''.yesbobdocker psUp'.docker ps/etc/hostskrb5-user'.'.' file.klist。
How To Set Up a Private Docker Registry on Ubuntu 14.04
Simon
09-30 1924
Introduction Docker is a great tool for deploying your servers. Docker even has a public registry called Docker Hub to store Docker images. While Docker lets you upload your Docker creations to their...
How To Set Up Database Replication In MySQL On Ubuntu
小郭学路的专栏
07-26 831
MySQL Replication的配置,自己动手试试过了。可行的。 使用虚拟机装了两个Ubuntu的。
How to Set Up Replication--MySQL Concept
bruce
01-14 868
Thissection describes how to set up complete replication of a MySQL server. Thereare a number of different methods for setting up replication, and the exact methodto use depends on how you are setting
How to install pip on Ubuntu 16.04 ?
程永强
08-14 1332
How to install pip on Ubuntu 16.04 ? 如何在 Ubuntu 16.04 系统上安装 pip ? We’ll show you how to install pip on Ubuntu 16.04. Pip is a package management system used to install and manage software packages which are found in the Python Package Index (PyPI). These s
How to upgrade NBU cluster from 10.0.0.1 to 10.2.0.1
mandarin_meng的博客
03-18 1900
upgrade NBU from 10.0.0.1 to 10.2.0.1
How to SSH to the Tanzu Kubernetes Cluster Nodes
weixin_43394724的博客
07-29 793
环境参数 项目 描述 备注 vSphere vSphere7.0u2a 17867351 vCenter VCSA-.7.0.2 17920168 NSX-T Datacenter 3.1.2.1.0 17975796 Tanzu 1.3.1 官网方法无法成功 VMware的官方网站给出的方法如下:SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Password 在第四步就出错了 [roo
Ubuntu Server welcome message
Hanjie-chen的博客
06-04 1367
最近在折腾ubuntu server, 和学习英语,这是一次学习记录
IPC4J进程间内存共享库_基于inotify事件通知机制与mmap内存映射及shm_open共享内存API构建的半双工高性能跨进程通信框架_实现Linux环境下与发行版无关的进程.zip
最新发布
12-04
IPC4J进程间内存共享库_基于inotify事件通知机制与mmap内存映射及shm_open共享内存API构建的半双工高性能跨进程通信框架_实现Linux环境下与发行版无关的进程.zip
(48页PPT)DG某著名企业云平台赋能企业数字化转型.pptx
12-04
(48页PPT)DG某著名企业云平台赋能企业数字化转型.pptx
高可用的综合电商服务平台项目_后台商品管理子系统会员管理子系统订单管理子系统前端购物平台子系统商品搜索子系统商品详情子系统订单物流中心子系统_用于构建一个具备高可用性和可扩展性的完.zip
12-04
高可用的综合电商服务平台项目_后台商品管理子系统会员管理子系统订单管理子系统前端购物平台子系统商品搜索子系统商品详情子系统订单物流中心子系统_用于构建一个具备高可用性和可扩展性的完.zip
Hade是一个基于Golang的轻量级Web框架它使用net-http标准库搭建高性能服务器通过Context实现请求上下文的链条信息传递和共享采用trie树结构优化路由规则.zip
12-04
Hade是一个基于Golang的轻量级Web框架它使用net-http标准库搭建高性能服务器通过Context实现请求上下文的链条信息传递和共享采用trie树结构优化路由规则.zip
【电动汽车充电站有序充电调度的分散式优化】基于蒙特卡诺和拉格朗日的电动汽车优化调度(分时电价调度)(Matlab代码实现)
12-04
内容概要:本文介绍了一种基于蒙特卡洛模拟和拉格朗日优化方法的电动汽车充电站有序充电调度策略,重点针对分时电价机制下的分散式优化问题。通过Matlab代码实现,构建了考虑用户充电需求、电网负荷平衡及电价波动的数学模【电动汽车充电站有序充电调度的分散式优化】基于蒙特卡诺和拉格朗日的电动汽车优化调度(分时电价调度)(Matlab代码实现)型,采用拉格朗日乘子法处理约束条件,结合蒙特卡洛方法模拟大量电动汽车的随机充电行为,实现对充电功率和时间的优化分配,旨在降低用户充电成本、平抑电网峰谷差并提升充电站运营效率。该方法体现了智能优化算法在电力系统调度中的实际应用价值。; 适合人群:具备一定电力系统基础知识和Matlab编程能力的研究生、科研人员及从事新能源汽车、智能电网相关领域的工程技术人员。; 使用场景及目标:①研究电动汽车有序充电调度策略的设计与仿真;②学习蒙特卡洛模拟与拉格朗日优化在能源系统中的联合应用;③掌握基于分时电价的需求响应优化建模方法;④为微电网、充电站运营管理提供技术支持和决策参考。; 阅读建议:建议读者结合Matlab代码深入理解算法实现细节,重点关注目标函数构建、约束条件处理及优化求解过程,可尝试调整参数设置以观察不同场景下的调度效果,进一步拓展至多目标优化或多类型负荷协调调度的研究。
Options: --networkMessageCompressors arg (=snappy,zstd,zlib) Comma-separated list of compressors to use for network messages General options: -h [ --help ] Show this usage information --version Show version information -f [ --config ] arg Configuration file specifying additional options --configExpand arg Process expansion directives in config file (none, exec, rest) --port arg Specify port number - 27017 by default --ipv6 Enable IPv6 support (disabled by default) --listenBacklog arg Set socket listen backlog size --maxConns arg (=1000000) Max number of simultaneous connections --pidfilepath arg Full path to pidfile (if not set, no pidfile is created) --timeZoneInfo arg Full path to time zone info directory, e.g. /usr/share/zoneinfo -v [ --verbose ] [=arg(=v)] Be more verbose (include multiple times for more verbosity e.g. -vvvvv) --quiet Quieter output --logpath arg Log file to send write to instead of stdout - has to be a file, not directory --logappend Append to logpath instead of over-writing --logRotate arg Set the log rotation behavior (rename|reopen) --timeStampFormat arg Desired format for timestamps in log messages. One of iso8601-utc or iso8601-local --setParameter arg Set a configurable parameter --extensions arg Specify paths to extensions to load --bind_ip arg Comma separated list of ip addresses to listen on - localhost by default --bind_ip_all Bind to all ip addresses --noauth Run without security --transitionToAuth For rolling access control upgrade. Attempt to authenticate over outgoing connections and proceed regardless of success. Accept incoming connections with or without authentication. --slowms arg (=100) Value of slow for profile and console log --slowTaskWaitTimeProfilingMs arg (=50) Value of slow wait time for tasks --slowOpSampleRate arg (=1) Fraction of slow ops to include in the profile and console log --profileFilter arg Query predicate to control which operations are logged and profiled --auth Run with security --clusterIpSourceAllowlist arg Network CIDR specification of permitted origin for `__system` access --profile arg 0=off 1=slow, 2=all --cpu Periodically show cpu and iowait utilization --sysinfo Print some diagnostic system information --noscripting Disable scripting engine --notablescan Do not allow table scans --proxyPort arg The port that accepts connections with a proxy protocol header. --keyFile arg Private key for cluster authentication --clusterAuthMode arg Authentication mode used for cluster authentication. Alternatives are (keyFile|sendKeyFile|sendX509|x509) Replication options: --oplogSize arg Size to use (in MB) for replication op log. default is 5% of disk space (i.e. large is good) Replica set options: --replSet arg arg is <setname>[/<optionalseedhostlist >] --replSetName arg arg is <setname> Serverless mode: --serverless arg Serverless mode implies replication is enabled, cannot be used with replSet or replSetName. Sharding options: --configsvr Assigns the config-server role to this node in a sharded cluster. The default listening port is 27019 and the default database directory is /data/configdb. --shardsvr Assigns the shard-server role to this node in a sharded cluster. The default listening port is 27018. --routerPort [=arg(=27016)] Assigns the router role to this node in a sharded cluster, and results in listening to a dedicated port (27016 by default) to serve routing requests. --maintenanceMode arg Allows this node to skip starting up sharding components or both replication and sharding components. This allows for performing maintenance on this node. To skip setting up just sharding components use --maintenanceMode=replic aSet. To skip setting up both sharding and replication components use --maintenanceMode=standalone. --replicaSetConfigShardMaintenanceMode Bypasses validation of configuration mismatches between startup parameters and the stored replSetConfig. Enables restarting the node as a configsvr even if the stored configuration is for a replica set, and vice versa. Storage options: --storageEngine arg What storage engine to use - defaults to wiredTiger if no data files present --dbpath arg Directory for datafiles - defaults to \data\db\ which is C:\data\db\ based on the current working drive --directoryperdb Each database will be stored in a separate directory --syncdelay arg Seconds between disk syncs --journalCommitInterval arg how often to group/batch commit (ms) --upgrade Upgrade db if needed --repair Run repair on all dbs --validate Run validation on all collections --restore This should only be used when restoring from a backup. Mongod will behave differently by handling collections with missing data files, allowing database renames, skipping oplog entries for collections not restored and more. --oplogMinRetentionHours arg (=0) Minimum number of hours to preserve in the oplog. Default is 0 (turned off). Fractions are allowed (e.g. 1.5 hours) TLS Options: --tlsOnNormalPorts Use TLS on configured ports --tlsMode arg Set the TLS operation mode (disabled|allowTLS|preferTLS|requireTLS ) --tlsCertificateKeyFile arg Certificate and key file for TLS. Certificate is presented in response to inbound connections always. Certificate is also presented for outbound connections if tlsClusterFile is not specified. --tlsCertificateKeyFilePassword arg Password to unlock key in the TLS certificate key file --tlsClusterFile arg Certificate and key file for internal TLS authentication. Certificate is presented on outbound connections if specified. --tlsClusterPassword arg Internal authentication key file password --tlsCAFile arg Certificate Authority file for TLS. Used to verify remote certificates presented in response to outbound connections. Also used to verify remote certificates from inbound connections if tlsClusterCAFile is not specified. --tlsClusterCAFile arg CA used for verifying remotes during inbound connections --tlsCRLFile arg Certificate Revocation List file for TLS --tlsDisabledProtocols arg Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2,TLS1_3 ] --tlsAllowConnectionsWithoutCertificates Allow client to connect without presenting a certificate --tlsAllowInvalidHostnames Allow server certificates to provide non-matching hostnames --tlsAllowInvalidCertificates Allow connections to servers with invalid certificates --tlsCertificateSelector arg TLS Certificate in system store --tlsClusterCertificateSelector arg SSL/TLS Certificate in system store for internal TLS authentication --tlsLogVersions arg Comma separated list of TLS protocols to log on connect [TLS1_0,TLS1_1,TLS1_2 ,TLS1_3] --tlsClusterAuthX509ExtensionValue arg If specified, clients who expect to be regarded as cluster members must present a valid X.509 certificate containing an X.509 extension for OID 1.3.6.1.4.1.34601.2.1.2 which contains the specified value. --tlsClusterAuthX509Attributes arg If specified, clients performing X.509 authentication must present a certificate with a subject name with the exact attributes and values provided in this config option to be treated as peer cluster nodes. AWS IAM Options: --awsIamSessionToken arg AWS Session Token for temporary credentials WiredTiger options: --wiredTigerCacheSizeGB arg Maximum amount of memory to allocate for cache in GB; Defaults to 1/2 of physical RAM. Only one of either wiredTigerCacheSizePct or wiredTigerCacheSizeGB can be provided --wiredTigerCacheSizePct arg Maximum amount of memory to allocate for cache as a percentage of physical RAM; Defaults to 1/2 of physical RAM and a minimum of 256MB. Only one of either wiredTigerCacheSizePct or wiredTigerCacheSizeGB can be provided --zstdDefaultCompressionLevel arg (=6) Default compression level for zstd compressor --wiredTigerJournalCompressor arg (=snappy) Use a compressor for log records [none|snappy|zlib|zstd] --wiredTigerDirectoryForIndexes Put indexes and data in different directories --wiredTigerLiveRestoreSource arg Path to the source for live restore. --wiredTigerLiveRestoreThreads arg (=8) Number of live restore background threads. --wiredTigerLiveRestoreReadSizeMB arg (=1) 'The read size for data migration, in MB, must be a power of two. This setting is a best effort. It does not force every read to be this size.' --wiredTigerCollectionBlockCompressor arg (=snappy) Block compression algorithm for collection data [none|snappy|zlib|zstd] --wiredTigerIndexPrefixCompression arg (=1) Use prefix compression on row-store leaf pages Windows Service Control Manager options: --install Install Windows service --remove Remove Windows service --reinstall Reinstall Windows service (equivalent to --remove followed by --install) --serviceName arg Windows service name --serviceDisplayName arg Windows service display name --serviceDescription arg Windows service description --serviceUser arg Account for service execution --servicePassword arg Password used to authenticate serviceUser
11-22
例如 `mongod --config "E:\software\MongoDB\Server\7.0\mongo.config" --install --serviceName "MongoDB"` 会将 MongoDB 以 `MongoDB` 为服务名安装到系统中[^3]。 - **`--serviceName`**:与 `--install` 配合...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值