Because security problems are becoming increasingly serious, we need a security mechanism that ensures the confidentiality of data in transit and the certainty of the identity of the trading parties. This article discusses the "certificate" part of a PKI system, that is, how to build a CA environment to ensure security.
A CA (Certificate Authority) is mainly responsible for issuing, managing, archiving and revoking certificates. We can think of a certificate as the driving license we need in order to drive. The certificate contains the holder's name, address, e-mail account, public key, the validity period of the certificate, the CA that issued the certificate, and the digital signature of that CA. Certificates have three main functions: encryption, signature, and authentication. The details of encryption are not elaborated here; this article mainly discusses how to implement the CA environment.
The CA architecture is a hierarchical deployment model, divided into a "root CA" and "subordinate CAs". The root CA sits at the top of the hierarchy and is generally used to issue certificates to other CAs (the subordinate CAs). On Windows we can build four kinds of CA: enterprise root CA and enterprise subordinate CA (these two can only exist in a domain environment), and independent root CA and independent subordinate CA.
Install the CA: go to Control Panel - Add or Remove Programs - Add/Remove Windows Components - Certificate Services, and select the type of CA during installation. Here we choose independent root CA, enter the name of the CA, set the validity period, and finish the wizard. (Note: install IIS before installing Certificate Services.)
Apply for a certificate: once the CA service is installed, you can apply for a certificate directly. There are two ways to apply: through the MMC console (this method applies only to an enterprise root CA and an enterprise subordinate CA) and through a web browser. With an independent root CA we can only use the web browser. On a client computer, open IE and enter http://<IP address or computer name of the CA server>/certsrv. Then choose to request a new certificate, select the certificate type, and enter the correct information to obtain the certificate.
Using certificates: we can set up a simple POP3 server to provide a mail service. Now suppose that lily wants to send an encrypted and signed e-mail to lucy. In Outlook on lily's side, select Tools - Accounts - Mail, select lily's account, click Properties - Security, and select the certificate. Do the same on lucy's side.
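Before selecting an issued certificate in the mail client, it is worth confirming that it carries the fields described above and chains to the root CA. The following PowerShell is an added example, not part of the original article; the function name `Get-CertReport` is hypothetical, and it assumes the issued certificate has been installed into the current user's Personal store.

```powershell
# Added example: report the fields of each certificate in the current user's
# Personal store and check that it chains to a trusted root CA.
function Get-CertReport {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # Build the chain from the certificate up to a root. A root CA you built
    # yourself is trusted only after its certificate has been imported into
    # "Trusted Root Certification Authorities" on this machine.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: the CA's CRL is reachable from this client. If it is not,
    # the chain status will report the revocation check as failed.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chainOk = $chain.Build($Cert)

    # Enhanced Key Usage: 1.3.6.1.5.5.7.3.4 is "Secure Email" (S/MIME).
    # A certificate with no EKU extension is not restricted to any purpose.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekus = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer                      # the CA that issued it
        NotBefore     = $Cert.NotBefore                   # validity period
        NotAfter      = $Cert.NotAfter
        PublicKeyAlg  = $Cert.PublicKey.Oid.FriendlyName
        SignatureAlg  = $Cert.SignatureAlgorithm.FriendlyName  # CA's signature
        HasPrivateKey = $Cert.HasPrivateKey               # required to sign and decrypt
        SecureEmail   = ($ekus.Count -eq 0) -or ($ekus -contains '1.3.6.1.5.5.7.3.4')
        ChainValid    = $chainOk
        ChainPath     = ($chain.ChainElements |
                            ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        ChainErrors   = ($chain.ChainStatus |
                            ForEach-Object { $_.Status }) -join ', '
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Get-CertReport -Cert $_ } |
    Format-List
```

A certificate that shows `ChainValid = False` with `UntrustedRoot` in `ChainErrors` usually means the root CA certificate has not yet been installed as trusted on that client.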