????? ????? "??? ???? ???????" ??? ????? LDAP ????

???? ???????: 931351 - ??? ???????? ???? ????? ????? ??? ???????.
????? ???????? ????? ????? ??????? ?????? ?????? ???????
????? ???? | ?? ????

?? ??? ??????

??????

???? ??? ??????? ????? ????? ??? ???? ??????? (SAN) ??? ???? ?????? ???????? ?????? ?????? ?????? ???? (LDAP) ????. ??? ????? ????? LDAP ??? ???? ???? (CA) ???? ?? ??????? ??? ???? ??????? ????? ??? ???? ??????? Microsoft Windows Server 2003. ????? ???? ?? ??????? ????? ???? ???? ???????? ??? ???? ??? ???? (DNS) ??? ??? ?????????. ????? ??? ??????? ??????? ??? ????? ????? ???? SAN ???? ????? ???? ??? ??????? ??? ????? CA? ???? ???? ?????? ?? ???? ???? ?? ??? ??????.
???? ??? ?????? | ????? ???????

?????

???? ??? ??????? ????? ????? ??? SAN ????? LDAP ????. ?????? ??? ??????? ???? ????? ?????? ??? ???:
  • ????? ?????? ???? ????? ??? ??? ?? ????? ?????.
  • ????? ?????? ??? ????? ??? ????? ?????? ??????.
  • ????? ?????? ??? ????? ??? ???????? ?????? ??????.
  • ????? ??? ????? ???????? Certreq.exe ????.
  • ????? ?????? ??? ????? ??? ??? ?????? ?????? ??????.
???? ??? ?????? | ????? ???????

??????? ????

????? ????? ?????? ???? ????? ??? ??? ?? ??? ???????

?????????? ??????? ?? ??? ?????? ???? ???? ?? ?????? ??? ???? Windows ??????? 2003 ????? ???????? ???? ????? ??? ???? SAN. ??? ??????? SAN ????? ??? ???????? ??? ??? ??? ????????? ?? ?????? ?????. ?????? ??? ??????? ????? ??????? ??????? ?? ??? ?????? ??? ?????? ???? ???? ???? "?????? ??????". ???? ????? ??????? ENTER ??? ????? ?? ???.
policy\EditFlags-setreg certutil + EDITF_ATTRIBUTESUBJECTALTNAME2
net stop ???????
net start ???????


?????? EDITF_ATTRIBUTESUBJECTALNAME2 ?????? ??? ??? ?? ????? ???? ??? SAN.

????? ????? ?????? ??? ?????

??? ????? ??? ????? ??? ?????? ??????? ?????? ??? ????? ???? ??????? ???????? ????? ?? ????? ????? ?? ??? ??????? ????????? ?? ???? ?????? Active Directory. ??????? 1 ???? ??????? ???? ???? ??? ???? ????? ????? LDAP ??? ???? ???? ??????? ?????? (SSL). ???? ????? ????? ??????? 2 ??????? ????? ?? ??? ??????? ?? ?? Active Directory. ?????? ?????? ????? ??? ????? ??????? 2? ?????? ?????? ??????? ??? ?? ???? ??? Windows Server 2003, Enterprise Edition ????? ???? ?????????.

??? ????? ??? ??? ?????? ???? ?????? ????? ????? ??? ???????. ????? ????? ??? ?????? ?? ??????? ??? ???????. ????? ????? ???? SAN ???? ???? ?? ?????? ???????? ?????? Certreq.exe. ??? ????? ????? ?????? SAN ?? ??????? ???? ?? ??????? ???????? ????? ????? ???.

????? ??????? ????? ????? ??? ????? ??? ????? ??? ?????? ?????? ??????

????? ??? ????? ????? SAN ????? CA? ???? ??????? ???????:
  1. ???? Internet Explorer.
  2. ?? Internet Explorer? ??????? http://??? ??????/certsrv.

    ?????? ??? ?????? ?? ??? ???? ??? ??? ?????? ???? ???? ?????? Windows Server 2003 ???? ?????? ?????? ???? ???? ??????.
  3. ???? ??? ??? ?????.
  4. ???? ??? ?????? ?????? ???.
  5. ???? ??? ????? ?????? ??? ??? ??? ?????? ??????.
  6. ?? ???? ??????? ? ???? ??????? ???.

    ?????? ??? ????? ?????? ?????? ?????? ?????? "???? ???". ????? ?? ????? ??? ????? ?????? "???? ???" ??? ???? "????? ????????" ?? ?????? ?????? ???????? ??? ?? ??? ????? ?????? ?????? ?????? ??? ????? ?????? "???? ???".
  7. ????? ??????? ??????? ??? ?? ?????.
  8. ?? ??? ? ???? ???? ????? ??? ?????? ????? ???? ??????.
  9. ??? ?????? ???????? ????? ??????? ??????:
    • ????? ?????? ?????? ?????
    • CSP: ??????? SChannel Microsoft RSA ????
    • ????? ?????????: ?????
    • ??? ???????: 1024-16384
    • ????? ???????? ????????? ???
    • ????? ??????? ?? ????????? ?????? ???? ????????
  10. ??? ?????? ??????? ????? ????? ????? ??? CMC.
  11. ?? ???? ? ???? ??????? ???? SAN. ???? ??? ???? ????? ??????:
    ???: dns =dns.name[& dns =dns.name]
    ??? ??? ????? DNS ?????? ????? (&). ? ????? ??? ??? ??? ???? ???? ?????? corpdc1.fabrikam.com ? ????? ???????? ?? ldap.fabrikam.com? ??? ????? ?? ?? ??? ??????? ?? ????? ????. ????? ??? ?????? ???? ??? ???:
    san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com
  12. ???? ??? ?????.
  13. ??? ???? ?? ????? ??????? ??? ??????? ???? ??? ????? ??? ???????.

????? ??????? ????? ????? ??? ?????? ?????? ??? ????? ??? ???? ???? ?????

????? ??? ????? ????? ??? ??? ?????? ?????? ???????? ???? ??????? ???????:
  1. ???? Internet Explorer.
  2. ?? Internet Explorer? ??????? http://??? ??????/certsrv.

    ?????? ??? ?????? ?? ??? ???? ??? ??? ?????? ???? ???? ?????? Windows Server 2003 ???? ?????? ?????? ???? ???? ??????.
  3. ???? ??? ??? ?????.
  4. ???? ??? ?????? ?????? ???.
  5. ???? ??? ????? ?????? ??? ??? ??? ?????? ??????.
  6. ????? ??????? ??????? ??? ?? ?????.
  7. ?? ??? ? ???? ???? ????? ??? ?????? ????? ???? ??????.
  8. ?? ??? ??????? ???????? ??? ??????? ???? ??? ????? ?????? ??????.
  9. ??? ?????? ???????? ????? ??????? ??????:
    • ????? ?????? ?????? ?????
    • CSP: ??????? SChannel Microsoft RSA ????
    • ????? ?????????: ?????
    • ??? ???????: 1024-16384
    • ????? ???????? ????????? ???
    • ????? ??????? ?? ????????? ?????? ???? ????????
  10. ??? ?????? ??????? ????? ????? ????? ? CMC.
  11. ?? ???? ? ???? ??????? ???? SAN. ???? ??? ???? ????? ??????:
    ???: dns =dns.name[& dns =dns.name]
    ??? ??? ????? DNS ?????? ????? (&). ? ????? ??? ??? ??? ???? ???? ?????? corpdc1.fabrikam.com ? ????? ???????? ?? ldap.fabrikam.com? ??? ????? ?? ?? ??? ??????? ?? ????? ????. ????? ??? ?????? ???? ??? ???:
    san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com
  12. ???? ??? ?????.
  13. ??? ?? ??? ????? ?????? ?????? ????? ???????? ????????? ????? ??????? ???? ???? ??? ? ????? ?????? ????? ????? ?????? ??????? ???? ?? ???.

    ?????? ??? ????? ????????? ?????? ??????? ? http://??? ??????/certsrv? ? ?? ???? ??? ?????? ?? ????? ?????. ???? ??? ??????? ???????, ???? ??????.

    ??? ???? ??????? ????? ?? ????? ??????? ???? ???? ???. ???? ??? ????? ??? ??????? ?????? ?????.

????? ??????? ?????? ???????? Certreq.exe ?????? ?????? ??? ????? ????? SAN

???????? ?????? ???????? Certreq.exe ?????? ?????? ??????? ???? ???? ??????? ???????:
  1. ????? ??? inf. ???? ???? ????????? ??? ???????. ????? ??????? ????? ????????? ???????? ??????? ?????? inf. ?????.
    [Version] 

Signature="$Windows NT$ 

[NewRequest]
Subject = "CN=corpdc1.fabrikam.com" ; must be the FQDN of domain controller
EncipherOnly = FALSE
Exportable = FALSE  ; TRUE = Private key is exportable
KeyLength = 1024    ; Common key sizes: 512, 1024, 2048, 
			  ;    4096, 8192, 16384
KeySpec = 1             ; Key Exchange
KeyUsage = 0xA0     ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC
	
; Omit entire section if CA is an enterprise CA
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
	
[RequestAttributes]
CertificateTemplate = WebServer ;Omit  line if CA is a stand-alone CA
SAN="dns=corpdc1.fabrikam.com&dns=.fabrikam.com&dns=ldap.fabrikam.com"

Important Notes:  1) If you?re generating a request for a Windows 2008 and above, please remove ?EncipherOnly? option from the inf file. 

     b) If CA is a standalone CA, either remove ?CertificateTemplate = WebServer? option from the inf file or mark that as a comment by putting ; before the option.
  2. ??? ????? ???? Request.inf.
  3. ???? ???? ???????.
  4. ?? ???? ???????? ???? ????? ??????? ??? ?? ???? ????? ??????? ENTER:
    ??? ?????-certnew.req request.inf ???????
    ?????? ??? ????? ????????? ?? ????? Request.inf ??? ????? ??? ???????? ?????? ?????? ?????? ?????????? ?? ??? inf. ????? ??? ????? ?????? ??? ???????? ??????? ?????? ??? ?????? ???????? ??????? ?? put ?? ??? ?? ??????? ????? ???? ??? ????????? ??????.
  5. ?? ???? ???????? ???? ????? ??????? ??? ?? ???? ????? ??????? ENTER:
    ??? ?????-???? certnew.req certnew.cer
    ???? ??? ????? ?????? ??? ??????? ??? ?????? ??????. ??? ??? ???? ?? ????? ?? ???? ?? ??????? -??????? ???? ??????? ??? ??????? ?? ??? ??????? ?????? ????? ??? ?????? ?????? ?????. ??? ??? ?? ?????? -??????? ???????? ???? ??????? ?????? ?????? ?????? ???? ??? ????? ???.

    ?? -??????? ?????? ??? ??????? ??????? ?????? ??????? ??? ???? ???? ????:
    ??? ?????????\??? ?????? ??????
    ??? ???? ??????? ????? ?? ??? ?????? ?????? ??? CA1 ??? ?????? ? ?? ??? ?????? ?? corpca1.fabrikam.com. ???????? ??? ????? ?? ?config ?? ???????? ??? ????? ??? ?????? ??????? ???? ????? ??????:
    ??? ?????-???? certnew.cer certnew.req CA1 ???-????? "corpca1.fabrikam.com\Corporate"
    ??? ??? ?????? ?????? CA ??? ?????? ?????? ?????? ??? ??? ??? ???????? ???? ???? ????? ????? ???? ?????? "?????" ? "????? ??????? ?? ????? ???. ??? ??? ??????? ???? ?? ??????? ?? ????? Certnew.cer. ??? ??? ?????? ?????? CA ?????? ???? ??? ??????? ?? ????? ???? ??? ??? ????? ?? ??? ????? ?????? ??????. ??????? ?? ??? ???????-????? ????? ????? ??? ??? "???? ?????" ????? ??????. ????? ???????? ??? ???????? ???? ??????? ???????? ??? ??? ????.
  6. ??????? ??? "???? ???" ?????? ??? ???????. ??? ?????? ????? ???? ????? ??????? ??? ?? ???? ENTER:
    ??? ?????-??????? ???? ????? certnew.cer
    ????? ???? ??????? -??????? ?? ???????? ??? ???????? ??? ??????? ?? ???? ?????? ??????. ??? ??? -??????? ?? ??? ??????? ??? ???????? ????? ??????? ?????? ?????? ?????? ???? ?????? ??? ???????.
  7. ?? ???? ???????? ???? ????? ??????? ??? ?? ???? ????? ??????? ENTER:
    ??? ?????-???? certnew.cer
    ??? ?????? ??? ???????? ??? ????? ??????. ???? ??? ??????? ??????? ??? ???? ???????? ??? ???? ????? ??? ??????? ????? ???? ?? ?????? ?? ?????? 4.

????? ????? ??? ????? ??? ???? ???? ?? ??? ??????

??? ??? ???? ????? ??? ????? ??? ?????? ?????? CA ?????? ????? ??????? ???? Certreq.exe ?????? ??? ??? ???????. ???? ?? ????? ??? ??? ?????? ?????? ?????? ???????? ?? ????? ????? ???? ??????. ??? ?? ???? ?????? ??? ?????? ???????? ????? ???????? ?????? CMC.

?????? ???? ???????? ???? ??? ??? ??????? ?????? ????? ????? (CSR).
???? ??? ?????? | ????? ???????

?????

????? ?? ????????? ??? ????? ????? LDAP ??? SSL ?? ?????? ?????? ??????? ???? ??? ??? ???? ??????? ??????? ??????? ?? ????? ????? Microsoft:
321051
(http://support.microsoft.com/kb/321051/ )
????? ????? LDAP ??? SSL ?? ???? ???? ?? ??? ??????

????? ?? ????????? ??? ????? ??? ????? ?? "??? ???? ???????" ????? ?? ?????? ???? Microsoft TechNet ???????:
.aspx http://technet.microsoft.com/en-us/library/ff625722 (WS.10)
(http://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx)
????? ?? ????????? ??? ????? ??????? certutil ???? ????? ???? ???? (CA)? ?? ?????? ???? Microsoft ?????? ??? ???:
http://msdn.microsoft.com/en-us/library/cc772751.aspx
(http://msdn.microsoft.com/en-us/library/cc772751.aspx)
???? ??? ?????? | ????? ???????

???????

???? ???????: 931351 - ????? ??? ??????: 17/?????/1432 - ??????: 1.0
????? ???
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
????? ??????: 
kbexpertiseadvanced kbhowto kbmt KB931351 KbMtar
????? ????
???: ??? ????? ??? ?????? ???????? ?????? ????? ???? ????? ?????????? ????? ?? ????????? ?????? ????. ???? ???? ?????????? ???? ?? ???????? ???????? ?????? ????????? ????? ????????? ???????? ????? ???????? ?????? ?? ?????? ??? ?? ???????? ???????? ?? ????? ??????? ?????? ??? ??????? ?????? ??. ?????? ?? ???? ??? ??????? ???????? ????? ?? ???? ????? ?????? ??? ????? ??? ????? ??????? ?? ????? ?? ?????? ??? ??? ??????? ??????? ?? ????? ????? ????? ????? ?????. ?? ????? ???? ?????????? ??????? ??? ????? ?? ??????? ?? ????? ?????? ?? ??? ????? ?? ????? ??????? ?? ???????? ?? ??? ???????. ???? ???? ?????????? ???????? ??? ????? ?????? ??????? ??????
???? ??? ????? ??????? ?????? ??????????931351
(http://support.microsoft.com/kb/931351/en-us/ )
???? ??? ?????? | ????? ???????

????? ???????

 
???? ??? ?????????? ??? ??????