Detailed Steps
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (50.11 KB, 3 trang )
Designing a Public Key Infrastructure
Copyright 2002 Microsoft Corporation. All Rights Reserved.
Detailed Steps
Review the detailed steps covered in the demonstration.
Tasks Detailed Steps
Important: The following step must be performed at the partner computer designated as the enterprise
subordinate CA.
1.
Log on as Administrator of
the NWTRADERS domain.
a.
Log off the current user.
b.
Log on by using the following credentials:
User name: Administrator
Password: password
Log on to: NWTRADERS
Why must you log on as Administrator of NWTRADERS, and not as the Administrator of your child
domain?
A member of the Enterprise Admins group in the forest must install all enterprise CAs. Only the
NWTRADERS\Administrator account is a member of the Enterprise Admins group.
Designing a Public Key Infrastructure
Copyright 2002 Microsoft Corporation. All Rights Reserved.
Tasks Detailed Steps
2.
Install Certificate
Services with the
following information:
• CA type:
enterprise
subordinate CA
• CA name:
Computer (where
Computer is the
NetBIOS name of
your computer)
• Organization:
Northwind Traders
• Organizational
unit: Domain
(where Domain is
the NetBIOS name
of your child
domain)
• City: Computer
(where Computer
is the NetBIOS
name of your
computer)
• E-mail:
security@nwtrader
s.msft
• Parent CA:
EnterpriseCA
a.
Open Control Panel.
b.
Double-click Add/Remove Programs.
c.
In the Add/Remove Programs dialog box, click Add/Remove
Windows Components.
d.
In the Windows Components wizard, click Certificate Services.
e.
In the Microsoft Certificate Services dialog box, click Yes to
continue.
f.
Click Next.
g.
In the Certification Authority Type page, click Enterprise
subordinate CA, and then click Next.
h.
In the CA Identifying Information page, type the following
information:
CA name: Computer (where Computer is the NetBIOS name of your
computer)
Organization: Northwind Traders
Organization unit: Domain (where Domain is the NetBIOS name of your child
domain)
City: Computer (where Computer is the NetBIOS name of your computer)
E-mail:
i.
Click Next.
j.
In the Data Storage Location page, accept the defaults, and then click
Next.
k.
In the CA Certificate Request page, click the Browse button.
l.
In the Select Certification Authority dialog box, click EnterpriseCA,
and then click OK.
The fully qualified domain name london.nwtraders.msft will
appear in the Computer name box, and EnterpriseCA will
appear as the parent CA.
m.
Click Next.
n.
In the Microsoft Certificate Services dialog box, click OK to stop the
Internet Information Services.
o.
If required, in the Files Needed dialog box, in the Copy files from
box, type \\london\setup\winsrc and then click OK.
p.
Click Finish.
q.
Click Close to close the Add/Remove Programs dialog box.
r.
Close Control Panel.
Designing a Public Key Infrastructure
Copyright 2002 Microsoft Corporation. All Rights Reserved.
Tasks Detailed Steps
3.
Log off the network.
s.
Log off the NWTRADERS\Administrator account.
What CA hierarchy design is Northwind Traders deploying?
Northwind Traders is creating a CA hierarchy based on location because each domain represents
a geographic region on the global map. Alternatively, you could suggest that the CA hierarchy is
being delegated based on organization, because there is a CA located in each domain.
Do not proceed until all students groups in the classroom have completed the previous step. The
instructor will then stop Certificate Services on the London computer to simulate an offline enterprise
root CA.
