233
f1:ba:89:b8:af:fa:63:c6:c9:77:10:45:0d:8f:a6:7f:b9:e8:
25:90:4a:8e:c6:cc:b8:1a:f8:e0:bc:17:e0:6a:11:ae:e7:36:
87:c4:b0:49:83:1c:79:ce:e2:a3:4b:15:40:dd:fe:e0:35:52:
ed:6d:83:31:2c:c2:de:7c:e0:a7:92:61:bc:03:ab:40:bd:69:
1b:f5
To display detailed information about the CA certificate, use the display pki certificate domain
command.
Requesting a certificate from a Windows Server 2003 CA
server
Network requirements
Configure the PKI entity (the device) to request a local certificate from a Windows Server 2003 CA
server.
Figure 75 Network diagram
Configuring the Windows Server 2003 CA server
1. Install the certificate service component:
a. Select Control Panel > Add or Remove Programs from the start menu.
b. Select Add/Remove Windows Components > Certificate Services.
c. Click Next to begin the installation.
d. Set the CA name. In this example, set the CA name to myca.
2. Install the SCEP add-on:
By default, Windows Server 2003 does not support SCEP. You must install the SCEP add-on on the
server for a PKI entity to register and obtain a certificate from the server. After the SCEP add-on
installation is complete, you will see a URL. Specify this URL as the certificate request URL on the
device.
3. Modify the certificate service attributes:
a. Select Control Panel > Administrative Tools > Certificate Authority from the start menu.
If the certificate service component and SCEP add-on have been installed successfully, there
should be two certificates issued by the CA to the RA.
b. Right-click the CA server in the navigation tree and select Properties > Policy Module.
c. Click Properties and then select Follow the settings in the certificate template, if applicable.
Otherwise, automatically issue the certificate.
4. Modify the Internet information services attributes:
a. Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from
the start menu.
b. Select Web Sites from the navigation tree.
To Next Page
Loading...
Need help?
General