AD CS Kurulumu – CA Kurulumu

Photo of author
admin

CA, PKI AD CS olarak adlandırılan servisinin kurulumu ve konfigurasyonu hakkında vereceğim.

 

Kullanıcı hesapları, computer hesapları ve servis hesapları için kullanılan sertifikalar Windows ortamında sıkça kullanılır. Ayrıca network devicelar içinde kullanılır.

 

Standalone ve Enterprise CA olmak üzre temelde ikiye ayrılır. Standalone ca için bir domain ortamı gerekmek. Kullanıcı hesapları için sertifika requestleri manuel yapılır ayrıca bir sertifika template yapısı kullanılmaz. Auto enrollment yapısıda bulunmaz. Ancak Enterprise CA için bir AD DS ihtiyacı bulunur, GPO ile sertifikalar dağıtılabilir AD DS ile recovations yapısı kullanılabildiği gini template ve autoenrollment desteği de bulunur.

 

802.1x, EFS, Smart Card Auth (2FA), WebServer gibi çokça serviste kullanılan AD CA nin kurulum adımları aşağıdaki gibidir.

 

Domain ortamında Enterprise Admin yetkisine sahip bir account ile kurulum yapılmakatadır.

 

Machine generated alternative text: Add Roles and Features Wizard Select installation type DESTINATION SERVER Before You Begin Installation Type Server Selection Cc:nfrmetior Select the installation type. You can install roles and features on a running physical computer or virtual machine, or on an offline virtual hard disk (VHD). • Role-based or feature-based installation Configure a single server by adding roles, role services, and features. O Remote Desktop Services installation Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual machine-based or session-based desktop deployment. Install Cancel

 

Machine generated alternative text: Add Roles and Features Wizard Select destination server DESTINATION SERVER Before You Begin Instel'eticr Type Server Selection Server Roles Features Cc:rfrmetior Select a server or a virtual hard disk on which to install roles and features. • Select >erygr from thg Server pgp!_<br /> O<br /> Select a virtual hard disk<br /> Server Pool<br /> Filter:<br /> Name<br /> DCOI .semih.local<br /> I Computer(s) found<br /> IP Address<br /> Operating System<br /> Microsoft VVindows Server 2Crg Standard<br /> This page shows servers that are running Windows Server 2012 or a newer release of Windows Server,<br /> and that have been added by using the Add Servers command in Server Manager. Offline servers and<br /> ewly-added servers from which data collection is still incomplete are not shown.<br /> Install<br /> Cancel

 

Machine generated alternative text: Add Roles and Features Wizard Select server roles Before You Begin Installation Type Server Selection Server Role: Features AD CS Role Services Confirmation Select one or more roles to install on the selected server. Roles ctive Directo Certificate Service Active Directory Domain Services (Installed) Active Directory Federation Services Active Directory Lightw'eight Directory Services Active Directory Rights Management Services Device Health Attestation DHCP Server DNS Server (Installed) Fax Server File and Storage Services (2 of 12 installed) Host Guardian Service Hyper— V Network Policy and Access Services Print and Document Services Remote Access Remote Desktop Services Volume Activation Services Web Server (IIS) (16 of 43 installed) Windows Deploymnent Services Windows Server Update Services DESTINATION SERVER Description Active Directory Certificate Services (AD CS) is used to create certification authorities and related role services that allow you to issue and manage certificates used in a variety of applications. Install Cancel

 

Machine generated alternative text: Add Roles and Features Wizard Active Directory Certificate Services DESTINATION SERVER Before You Begin Installation Type Server Selection Server Roles Feetures AD CS Role Services Confirmation Active Directory Certificate Services (AD CSI provides the certificate infrastructure to enable scenarios such as secure wireless netvvorks, virtual private networks, Internet Protocol Security (IPSec), Network Access Protection (NAP), encrypting file system (EFS) and smart card log on. Things to note: • The name and domain settings of this computer cannot be changed after a certification authority (CA) has been installed. If you want to change the computer name, join a domain, or promote this server to a domain controller, complete these changes before installing the CA. For more information, see certification authority naming. Install Cancel

 

CA için kullanılacak features lar seçilir. Ben tüm servisleri seçiyorum. İhtiyaca göre gerekli servisler seçilerek kurulabilir. AD CS ile birlikte ISS in kuruluma da gerçekleşir.

 

Machine generated alternative text: Add Roles and Features Wizard Select role services Before You Begin Installation Type Server Selection Server Roles Features CS Role Services Confirmation DESTINATION SERVER Select the mle services to install for Active Directory Certificate Services Role services Certification Authori Certificate Enrollment PO Ii Web Service Certificate Enrollment Web Service Certification Authority Web Enrollment Network Device Enrollment Service Description The Certificate Enrollment Policy Web Service enables users and computers to obtain certificate enrollment policy information even when the computer is not a member of a domain or a domain-joined computer is temporarily outside the security boundary of the corporate network. The Certificate Enrollment Policy Web Serv'ice works with the Certificate Enrollment Web Service to prcwide policy-based automatic certificate enrollment for these users and computers. Install Cancel

 

Kurulumdan sonra post-deployment çalıştırılır.

Machine generated alternative text: Add Roles and Features Wizard Installation progress Wew installation progress o Feature installation Configuration required. Installation succeeded on DCOI semih.local. Active Directory Certificate Services DESTINATION SERVER Results Additional steps are required to configure Active Directory Certificate Services on the destination server Configure Active Directory Certificate Services on the destination server Certification Authority Online Responder Certification Authority Web Enrollment Network Device Enrollment Service Certificate Enrollment Policy Web Service Certificate Enrollment Web Service .NET Framework 4.7 Features You can close this wizard without interrupting nanning tasks. View task progress or open this page again by clicking Notifications in the command bar, and then Task Details. Export configuration settings Close Cancel

 

Machine generated alternative text: AD CS Configuration Credentials Credentials Role Services Cc:rfrmetior DESTINATION SERVER DCOI.semih.IocaI Spec' To install the following role services you must belong to the local Administrators group: • Standalone certification authority • Certification Authority Web Enrollment Online Responder To install the following role services you must belong to the Enterprise Admins græp: • Enterprise certification authority • Certificate Enrollment Policy Web Service • Certificate Enrollment Web Serv'ice Network Device Enrollment Service Credentials: SEMIH\administrator More about AD CS Server Roles Previous Change.„ Next Configure Cancel

 

AD CS in her servisi ayrı olarak tek tek konfigure edebilir.

 

AD CS kurulu olmadan Network Device Enrollement ve Certificate Entollment Web Service kurulumu gerçekleştirilmemektedir.

 

Machine generated alternative text: AD CS Configuration Role Services Cr.der-.iels Role Services Setup Type CA Type Private Key Cryptography CA Name Certificate Reguest Certificate Detebese Authentication Type for C.. Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Select Role Services to configure Certification Authority g] Certification Authority Web Enrollment g] Online Responder Network Device Enrollment Service Certificate Enrollment Web Service g] Certificate Enrollment Policy Web Service More about AD CS Server Roles Configure Cancel

 

Yazının başında belirttiğim gibi Enterprise veya Standalone CA kurulumdan hangisini gerçekleştireceksek ilgili CA tipi seçilir ve kurulum başlatılır.

 

Machine generated alternative text: AD CS Configuration Setup Type Credentials Role Services Setup Type CA Type Private Key Cryptography CA Name Certificate Reguest Certificate Detebese Authentication Type for C.. Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Specify the setup type of the CA Enterprise certification authorities (CAs) can use Active Directory Domain Seæices (AD DS) to simpli%' the management of certificates. Standalone CAS do not use AD DS to issue or manage certifi cates. @ Enterprise CA Enterprise CAS must be domain members and are typically online to issue certificates or certificate policies. C) Standalone CA Standalone CAS can be members or a workgroup or domain. Standalone CAS do not require AD DS and can be used without a network connection (offline). More about Setup Type Configure Cancel

 

Root CA ilk kurulan CA dir. Subordinate CA ise child ca gibi düşebilirsiniz.

 

Machine generated alternative text: AD CS Configuration CA Type Credentials Role Services Setup Type CA Type Frivete Key Cryptography CA Name Validity Period Certificate Detebese Authentication Type for C.. Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Specify the type of the CA When you install Active Directory Certificate Services (AD CS), you are creating or extending a public key infrastructure (PKI) hierarchy. A root CA is at the top of the PKI hierarchy and issues its own self-signed certificate. A subordinate CA receives a certificate from the CA above it in the PKI hierarchy. @ Root CA Root CAS are the first and may be the only CAS configured in a PKI hierarchy. C) Subordinate CA Subordinate CAS require an established PKI hierarchy and are authorized to issue certificates by the CA above them in the hierarchy More about CA Type Configure Cancel

 

İlk kurulumda CA için bir private key oluşturulması sağlanır. Backup\Restore veya upgrade seçeneklerinde diğer seçenek ile kurulum yapılır.

 

Machine generated alternative text: AD CS Configuration Private Key Credentials Role Services Setup Type ca Type Private Key Cryptography CA Name Validity Period Certificate Detebese Authentication Type for C. Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Specify the type of the private key To generate and issue certificates to clients, a certification authority (CA) must have a private key. @ Create a new private key use this option if you do not have a private key or want to create a new private key. C) use existing private key use this option to ensure continuity with previously issued certificates when reinstalling a CA. O Select a certificate and use its associated private key Select this option if you have an existing certificate on this computer or if you want to import a certificate and use its associated private key. O Select an existing private key on this computer Select this option if you have retained private keys from a previous installation or want to use a private key from an alternate source. More about Private Key Configure Cancel

 

AD CS için cryptographic provider seçimi gerçekleştirilir.

 

Machine generated alternative text: AD CS Configuration Cryptography for CA Credentials Role Services Setup Type CA Type Private Key Cryptography CA Name Validity Period Certificate Detebese Authentication Type for C.. Server Certificate Confirmation Specify the cryptographic options Select a cryptographic provider: RSA#Microsoft Software Key Storage Provider DESTINATION SERVER DCOI.semih.IocaI Key length: Select the hash algorithm for signing certificates issued by this CA: SHA256 SHA3U SHA512 SHAI Allow administrator interaction when the private key is accessed by the CA. More about Cryptography Configure Cancel

 

Machine generated alternative text: AD CS Configuration CA Name Credentials Role Services Setup Type CA Type Private Key Cryptography CA Name Validity Period Certificate Detebese Authentication Type for C.. Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Specify the name of the CA Type a common name to identify this certification authority (CA). This name is added to all certificates issued by the CA. Distinguished name suffix values are automatically generated but can be modified. Common name for this CA: Distinguished name suffix: Preview of distinguished name: More about CA Name Configure Cancel

 

Sertifikanın kullanım alanına göre sertifikanın kaç gün\yıl ile expire olacağı seçilir. Kullaılacak senarya göre gün olarak seçilebildiği gibi genelde sunucularda 2-3 yıl olarak seçilir.

Machine generated alternative text: AD CS Configuration Validity Period Credentials Role Services Setup Type CA Type Private Key Cryptography CA Neme Glidit•j Period Certificate Database Authentication Type for C.. Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Specify the validity period Select the validity period for the certificate generated for this certification authority (CA): CA expiratio The validity certificates i Years Days Months Years CA certificate should exceed the validity period for the More about Validity Period Configure Cancel

 

Machine generated alternative text: AD CS Configuration CA Database Credentials Role Services Setup Type CA Type Private Key Cryptography CA Name Velidit•j Period Certificate Database Authentication Type for Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Specify the database locations Certificate database location: Certificate database log location: More about CA Database Configure Cancel

 

Sertifikamız domain ortamında olduğu için Windows Integrated olarak çalışması gerekmektedir. AD_Level Auth olarak kullanılır.

 

Machine generated alternative text: AD CS Configuration Authentication Type for CEP DESTINATION SERVER DCOI.semih.IocaI Credentials Role Services Setup Type CA Type Private Key Cryptography CA Name Validity Period Certificete Detebese Authentication Type for CM Server Cerzificete Confirmation Select the type of authentication @ Windows integrated authentication C) Client certificate authentication C) user name and password More about Authentication Type for CEP Configure Cancel

 

AD CS için daha sonra bir sertifika konfigurasyonu yapacağım için bu seçeneği seçiyorum.

 

Machine generated alternative text: AD CS Configuration Server Certificate Credentials Role Services Setup Type CA Type Private Key Cryptography CA Name Validity Period Certificate Detebese Authentlceticn Type for Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI Specify a Server Authentication Certificate When communicating with clients, the web service(s) uses Secure Sockets Layer (SSL) protocol to encrypt network traffic. C) Choose an existing certificate for SSL encryption (recommended) Issued To Issued By Expiration Date DC01.semih.local semih-DC01-CA 10/13/2021 @ Choose and assign a certificate for SSL later For this role service to function, you must configure this server with a valid certificate. More about Server Certificate Configure Cancel

 

Machine generated alternative text: AD CS Configuration Confirmation Credentials Role Services Setup Type CA Type Private Key Cryptography CA Name Validity Period Certificate Database Authentication Type for C.. Server Certificate Confirmation DESTINATION SERVER DCOI.semih.IocaI To configure the following roles, mle services, or features, click Configure. Active Directory Certificate Services Certification Authority CA Type: Cryptographic provider: Hash Algorithm: Key Length: Allow Administrator Interaction: Certificate Validity Period Distinguished Name: Certificate Database Location: Certificate Database Log Location: Enterprise Root RSA#Microsoft Software Key Storage Provider SHA256 Disabled 1/19/2026 AM Certification Authority Web Enrollment Online Responder < Previous Next

 

Machine generated alternative text: AD CS Configuration Progress cryptography CA Name Certifiæte AL -ype for Server Cer_ificete Progress The following roles, role services, or features are being configured: Configuring... Active Directory Certificate Services Certification Authority Certification Authority Web Enrollment Online Responder Certificate Enrollment Policy Web Service DESTINATION SERVER DCOI.semih.IocaI Cancel

 

İlk kurulum tamamlanmıştır.

 

Machine generated alternative text: AD CS Configuration Results Cryptography CA Certifiæt± Q, -ype for C.. Server Cer_ificete Cc:rfrmetior Results DESTINATION SERVER DCOI.semih.IocaI The following roles, role services, or features were configured: Active Directory Certificate Services Certification Authority More about CA Configuration Certification Authority Web Enrollment More about Web Enrollment Configuration Online Responder More about OCSP Configuration Certificate Enrollment Policy Web Service Configuration succeeded e Configuration succeeded Configuration succeeded Configuration succeeded O Before clients can use this web service, a server authentication certificate must be configured to encrypt communication between clients and the service. use the IIS snap-in to verify the server authentication certificate. O Before clients can use the Certificate Enrollment Policy Web service, Group Policy settings must be applied to their computers to direct certificate enrollment requests to the web service. More about CEP Configuration Close Cancel

 

Machine generated alternative text: certsrv [Certification Authority I\Revoked Certificates] File Action View Help Cetification Authority (Local) semih-DC01-CA-1 Revoked Ce rtificates Issued Certificates Pending Requests Failed Requests Certificate Templates Request ID Revocation Date Effective Revocation Date Revocation Reason Requester There are no items to show in this view.

 

Var bir klasörü aşağıdaki gibi encrypt edersem domaindeki account um otomatik olarak AD CS ten bir sertifika alacak ve alınan sertifika IE üzerinden aşağıdaki gibi görülebilecek.

 

Machine generated alternative text: Test Properties Advanced Attributes Attribut Choose the settings pu want for this folder When you dick OK or Apply on the Proper tes dialog, you will be asked if you vvant the changes to affect all subfolders and fles as nell Archive and Index attributes Folder is ready for archiving Z] Allon fles in this folder to have contents indexed in addition to file oper tes Compress or Encrypt attributes Compress contents to save disk space Z] Encrypt contents to secure data

 

Machine generated alternative text: Internet Options General Security Privacy Content Connections Programs Cert fica tes Certificates use certficates for encrypted Advanced Intended purgu)se: Per sonal Other People Issued To administrator Administrator Intermediate Certficabon Authorities Trusted Root Certficabor AutoComplete AutoComplete stores previous entries on vvebpages and suggests matches for you Feeds and Web Slices Feeds and Web Slices provide upda content from nebsites that can be read in Internet Explorer and other programs. Issued 8 y administrator semih0C01CA-1 Expirabo... 9/18/2120 1/19/2022 Friendly Name Cert ficate intended purposes Encrypting File System

Sertifika ayrıca aşağıdaki Issued Certificates te görülmektedir. Sertifika temlate I olarak ta Basic EFS sertifikası client için issue edilmiştir.

 

Machine generated alternative text: certsrv - [Certification Authority I\lssued Certificates] File Action View Help Cetification Authority (Local) semih-DC01-CA-1 Revoked Certificates Issued Certificates Pending Requests Failed Requests Certificate Templates Request ID Requester Name SEMI H\administrator Binary Certificate - --8EGIN CERTIFICAT... Certificate Template Basic EFS (EFS) Serial Number 57DDDDDD02bfd... Certificate Effective Date 1/19/2021 1239 AM

 

EFS gibi sertifikaların otomatik issue edilmeyin Pending Request te beklemesi ve bir admin in bu sertifikayı issue etmesi gerekiyorsa aşağıdaki seçenek ile değişiklik yapılır.

 

Machine generated alternative text: semih-DCOI-CA-I Properties Dasht i Local ii All se ADC iäi ADD DNS File a certsrv - [Certification Authority File Action View Help Certification Authority (Local) semih-DC01-CA-1 Revoked Certificates Issued Certificates Pending Requests Failed Requests Certificate Templates Extensions Enrollment Agents Storage Auditing Certificate Managem Recovery Agents Security Pohcy Module Descnption of active policy module Windows default Specifies how to handle certificate requests for Enterprise and Stand-alone CAS 100 @ Micmsoft Corporation Al fights reserved Properties Request Handling The Windows default policy module controls how this CA should handle certificate requests by default Do the following when a certificate request is received C) Set the certificate request status to pending The adminstrator must explicitly issue the certificate @ Follow the settings in the certificate template. f applicable Otherwise. automatically issue the certificate

 

Kurulmak istenen PKI altyapısına göre hangi kullanıcı\grup lara hangi yetkiler verilmek isteniyorsa securty tabında ilgili değişiklikler yapılır.

 

Machine generated alternative text: certsrv - [Certification Authority File Action View Help Certification Authority (Local) semih-DC01-CA-1 Revoked Certificates Issued Certificates Pending Requests Failed Requests Certificate Templates semih-DCOI-CA-I Properties Extensions Enrollment Agents Group or user names: Storage Policy Module Certificate Managem Exit Module Auditing Recovery Agents Security Authenticated users Domain Admins (SEMIH\Domain Admins) Entevphse Admins (SEMIH\Entelphse Admins) *dministratorz (SEMIHzædministratorz) P emissions for Administrators Issue and Manage Certificates Manage CA Request Certificates Alo w Deny

 

Sertifika templatelerine göre ilgili kullanıcı\gruplar için yetki verilebilir. 802.1x sertifika ları bir IT ekibi başka bir sertifika template ini başka bir IT ekibi gibi.

Delegasyon işlemlerinin yapıldığı yerdir.

 

Machine generated alternative text: certsrv - [Certification Authority File Action View Help Certification Authority (Local) semih-DC01-CA-1 Revoked Certificates Issued Certificates Pending Requests Failed Requests Certificate Templates semih-DCOI-CA I Properties Extensions Enrollment Agents Storage P ohcy Module Certificate Managem Auditing Recovery Agents Security For more information see ele ated Enrollment A ents @ Do not restrict enrollment agents C) Restrict enrollment agents Enrollment agents Certificate Templatee P emission e

 

AD CS üzerindeki kim hangi işlemi yaptmış gibi bir log tutmak isteniyorsa aşağıdaki events to audit ten ilgili seçenekler seçilir.

 

Machine generated alternative text: certsrv - [Certification Authority File Action View Help Certification Authority (Local) semih-DC01-CA-1 Revoked Certificates Issued Certificates Pending Requests Failed Requests Certificate Templates semih-DCOI-CA-I Properties Extensions Enrollment Agents Storage P olicy Module Certificate Managem Exit Module Auditing Reco very To start logging events to the security Bg. you must enable the 'Audit object access' setting in Group Policy Events to audit [3 Back up and restore the CA database Change CA configuration Change CA security settings Z] Issue and manage certificate requests Revoke certificates and publish CRLs Store and retrieve archived keys [3 Start and stop Active Directory Certificate Services

 

Issue edilen bir sertifika aşağıdaki gibi bir ihtiyaç nedeniylr revoke edilebilir.

 

Machine generated alternative text: certsrv - [Certification Authority I \lssued Certificates] File Action View Help Cetification Authority (Local) semih-DC01-CA-1 Revoked Certificates Issued Certificat es Pending Requests Failed Requests Certificate Templates Request ID Requester Name All Tasks Refresh Help Binary Certificate --8EGIN CERTIFICAT... View Attributes/Extensions... Export Binary Data... Revoke Certificate Certificate Template Basic EFS (EFS) Serial Number 5700000002bfd...

 

Machine generated alternative text: certsrv - [Certification Authority -CA-Illssued Certificates] File Action View Help Cetification Authority (Local) semih-DC01-CA-1 Revoked Certificates Issued Certificates Pending Requests Failed Requests Certificate Templates Request ID Requester Name SEMI H\administrator Binary Certificate -BEGIN CERTIFICAT... Certificate Template Basic EFS (EFS) Serial Number 57DDDDDD02bft Certificate Revocation Are you sure you want to revoke the selected certificate(s)? Specify a reason date and time Reason code Unspecified Date and Time

 

Machine generated alternative text: certsrv [Certification Authority I\Revoked Certificates] File Action View Help Certification Authority (Local) semih-DC01-CA-1 Revoked Cetificates Issued Certificates Pending Requests Failed Requests Certificate Templates Request ID Revocation Date 1/19/2021 1:D3AM Effective Revocation Date 1/19/2021 1:02AM Revocation Reason Unspecified Requester Name SEMIH\administr... Binary

 

Machine generated alternative text: Internet Options General Security Se tbngs Security Privacy Content Connections Programs Allon active content from CDs to run on My Computer* Allon actve content to run in fles on My Computer* Allon software to run or install even if the signature isinv; Block unsecured images with other mixed content Check for publisher's certificate revocaton Check for server certificate revocaton* Check for signatures on downloaded programs Do not save encrypted pages to disk Empty Temporary Internet Files folder when browser is dc Enable 64-bit processes for Enhanced Protected Mode* Enable DOM Storage Enable Enhanced Protected Mode* Enable Intearated Windows Authentcabon* *Takes effect after pu restart pur computer Restore advanced settings Reset Internet Explorer settings Resets Internet Explorer's settings to their default conditon You should only use this if your browser is in an unusable state.

 

Her CA in bir CRL URL I vardır. Buradan daha önce dağıtılan sertifikalar revoke edilmiş mi kontrol edilir.

 

 

Remove edilen sertifikalarda AD CS te publish edilir.

 

Machine generated alternative text: certsrv [Certification Authority I\Revoked Certificates] File Action View Help Certification Authority (Local) semih-DC01-CA-1 Revoked C Request ID Revocation Date 19/2021 Publish Effective Revocation Date 1/19/2021 1:02AM Revocation Reason Uns pecfied Requester Name SEMIH\administr... Sinai All Tasks Issued Ce Pending R Failed Req Refresh Certificate Export List... Properties Help

 

Machine generated alternative text: certsrv - [Certification Authority -CA-IlRevoked Certificates] File Action View Help Certification Authority (Local) semih-DC01-CA-1 es Revoked Certificat Issued Certificates Pending Requests Failed Requests Certificate Templates Request ID Revocation Date 1/19/2021 1:D3AM Effective Revocation Date 1/19/2021 1:02AM Revocation Reason Uns fied Requester Name SEMIH\administr... Binary Certificate -BEGIN CERTI.. Certificat Basic EFS Publish CRL The latest published Certificate Revocation Ljst (CRL)is Qill valid Clients maynot receive a new CRL until after their current one expires Type of CRL to publish @ New CRL Issues a complete CRL. which contains upkozate revocation information for the CA C) Delta CRL only Issues an abbreviated version of the CRL. which contains only the updates to the CRL that have been made since the last time t was published

 

AD CS e web browser üzerinden http://adcsosname-veyaipadresi/certsrv ile erişilir. Bir sertifika requestinde de bulunabilir ayrıca CA Sertifikası da download edilebilir.

 

User sertifikası alınabildiği gibi ayrıca publish edilen sertifikalar da AD CS ten alınabilir.

 

 

 

 

 

Microsoft IIS üzerinden aşağıdaki adımlarla bir sertifika rewuesti yapılır. Daha sonra bu request CA üzerinden alınıp IIS teki Compate Certificate Request ile sonlandırılır.

Ayrıca bu request ile public certificate authority lerde sertifika alma ve import etme ile aynı yöntemdir.

 

Machine generated alternative text: Internet Information Services (IIS) Manager View Help Server Certificates Use this feature to request and manage certificates that the Web server can use with websites configured for SSL. Start Page DCOI (SEMIH\admi Application Poo v „ Sites e Default Web Filter: Go • e Show All L Group by: No Grouping Issued To semih-DC01-CA-1 DCOI semih.local Issued By semih-DCOI - CA-I semih-DCOI-CA Expiration Date 1/19/2026 124420... 10/13/2021 12245... Certificate Hash 01371971 C02ED[ 864S812A72F148 Import... Create Certificate Request... Complete Certificate Request... Create Domain Certificate... Create Self-Signed Certificate... Enable Automatic Rebind of Renewed Certificate Help Request Certificate Distinguished Name Properties Specify the required information for the certificate. State/province and City/localit,' must be specfied as official names and they cannot contain abbreviations. Common name: Organization: Organizational unit: City/ loca State/ province: Country/region: WEBI .semih.locall

 

Machine generated alternative text: Request Certificate Cryptographic Service Provider Properties Select a cryptographic service provider and a bit length. The bit length of the encryption key determines the certificate's encryption strength. The greater the bit length, the stronger the security. However, a greater bit length may decrease performance. Cryptographic service provider. Microsoft RSA SChanneI Cryptographic Provider Bit length: Previous

 

Machine generated alternative text: Request Certificate File Name Specify the file name for the certificate request. This information can be sent to a certification authority for signing. Specify a file name for the certificate request: txt Previous Finish Cancel

 

 

Machine generated alternative text: Microsoft Active Directory X Microsoft Active Directory Certificate Services — semih-DC01-CA-1 Submit a Certificate Request or Renewal Request To submit a saved request to the CA, paste a base-64-encoded CMC or PKCS #10 certificate reque (such as a Web server) in the Saved Request box. Saved Request: Base-64-encoded certificate request (CMC or PKCS or PKCS #7): Certificate Tem koRyov0YLAGSXloga4szQYm70Q14aVyrD3h1QJNe• LLE1kgeGkr2ykNsy+Yi7szr4pW0app9KSLQ+SdLd' 4wcsnopi JXWI 113dz IRwGbCgrrxWZbZ FIG6 L+rvszsr XLXOYks1M/1RaaQygcsrXd2KJl Administrator Basic EFS EFS Recovery Agent User Subordinate Certification Authori Web Server Additional Attributes: Attributes: VEST Submit >

 

 

Machine generated alternative text: Internet Information Services (IIS) Manager View Help Start Page v DCOI (SEMIH\admi Application Poo v „ Sites Default Web Server Certificates Use this feature to request and manage certificates that the Web server can use with websites configured for SSL. Filter: Go • e Show All L Group by: No Grouping Issued To semih-DC01 -CA-I DCOI semih.local Issued By semih-DCOI - CA- semih- DCOI -CA Expiration Date 1/19/2026 124420... 10/13/2021 12245... Certificate Hash 01371971 C02ED[ 864S812A72F148 Import... Create Certificate Request... Complete Certificate Request... Create Domain Certificate... Create Self-Signed Certificate... Enable Automatic Rebind of Renewed Certificate Help

 

Machine generated alternative text: Internet Information Services (IIS) Manager View Help Start Page v DCOI (SEMIH\admi Application Poo v „ Sites e Default Web Complete Certificate Request SpeciW Certificate Authority Response Complete a previously created certificate request by retrieving the file that contains the certificate authority's response. File name containing the certification authority's response: Friendly name: WEBI Select a certificate store for the new certificate: Web Hosting Cancel

 

Machine generated alternative text: Internet Information Services (IIS) Manager DOI View Help Server Certificates Use this feature to request and manage certificates that the Web server can use with websites configured for SSL. Start Page v DCOI (SEMIH\admi Application Poo v „ Sites Default Web Filter: Name Go • e Show All L Group by: No Grouping Issued To semih-DC01-CA-1 DCOI .semih.local WEBI semih.local Content View Issued By semih-DC01-CA-1 semih-DC01-CA semih-DC01-CA-1 Expiration Date 1/19/2026 124420... 10/13/2021 1/19/2023 Certificate Certificate Hash 01371971 C02ED[ 8645812A72F148 A957919708Dcc Import... Create Certifica Complete Certid Create Domain Create Self-Sigr View... Export... General Details Certficabon Path Certificate Info rmation This certificate is intended for the following purpose(s): • Ensures the identty of a remote computer Issued to: WEE I. semih. local Issued by: semih-DCO I-CA-I Valid from 1/19/2021 to 1/19/2023 You have a private key that corresponds to this certficate. Features View Ready

 

İletişime Geç!

Bizlerle aşağıda yer alan mailden iletişime geçebilirsiniz.

semih@semihuykan.com.tr