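I'm trying to follow the instructions in this article to create a custom certificate to support SSL on a web server.
I'm stuck on the following step:
Click Personal – All Tasks – Advanced Operations – Create Custom Request
The problem is that on the web server (Windows Server 2003 R2), I don't have the "Advanced Operations" option under "All Tasks". I have it on my desktop (Windows 7), but not on the server. All the documentation I can find indicates it should be available on WS-2003-R2, but it isn't.
Note: I'm going through this manual process because I need to specify an alternate host name in the CSR, which can't be done through the IIS 6.0 console's certificate management feature.
Any suggestions on how to make this option appear?
That menu option is not a feature on Windows 2003 R2.
You may want to do this from the command line, which is more flexible.
How to use the Certreq.exe utility to create and submit a certificate request that includes a SAN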
http://support.microsoft.com/kb/931351
http://technet.microsoft.com/en-us/library/cc736326%28WS.10%29.aspx
certreq -new request.inf certnew.req
certreq -accept cert.cer

C:\UTIL>certreq -v -?
certreq.exe: 5.2.3790.1830 retail (srv03_sp1_rtm.050324-1447)
Usage:
  CertReq -?
  CertReq [-v] -?
  CertReq [-Command] -?

  CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]
    Submit a request to a Certification Authority.
    -attrib AttributeString
    -binary
    -config ConfigString
    -crl
    -rpc

  CertReq -Retrieve [Options] RequestId [CertFileOut [CertChainFileOut [FullResponseFileOut]]]
    Retrieve a response to a previous request from a Certification Authority.
    -binary
    -config ConfigString
    -crl
    -rpc

  CertReq -New [Options] [PolicyFileIn [RequestFileOut]]
    Create a new request as directed by PolicyFileIn
    -attrib AttributeString
    -binary
    -cert CertId

  CertReq -Accept [CertChainFileIn | FullResponseFileIn | CertFileIn]
    Accept and install a response to a previous new request.

  CertReq -Policy [Options] [RequestFileIn [PolicyFileIn [RequestFileOut [PKCS10FileOut]]]]
    Construct a cross certification or qualified subordination request from an existing CA certificate or from an existing request.
    -attrib AttributeString
    -binary
    -cert CertId

  CertReq -Sign [Options] [RequestFileIn [RequestFileOut]]
    Sign a cross certification or qualified subordination request.
    -binary
    -cert CertId
    -crl

Description:
  -any - Force ICertRequest::Submit to determine encoding type
  -attrib AttributeString - Request attribute string
  -binary - Output files in binary format instead of Base64-encoded
  -cert CertId - Specify signing certificate by common name, serial number, or by sha-1 Key or cert hash
  -config ConfigString - Server\CertificationAuthority config string or use a single minus sign (-) as config string
  -crl - Include CRLs in CertChainFileOut or RequestFileOut
  -f - Force overwrite of existing files
  -q - Suppress all interactive dialogs
  -rpc - Use RPC instead of DCOM server connection
  -v - Display Full Response Properties
  -? - Display this usage message

  RequestFileIn - Base64-encoded or binary input file name: PKCS10 certificate request, CMS certificate request, PKCS7 certificate renewal request, X-509 certificate to be cross-certified, or KeyGen tag format certificate request
  RequestFileOut - Base64-encoded output file name
  PKCS10FileOut - Base64-encoded PKCS10 output file name
  CertFileOut - Base64-encoded X-509 file name
  CertChainFileOut - Base64-encoded PKCS7 file name
  FullResponseFileOut - Base64-encoded Full Response file name
  ConfigString - Backslash separated Server Name and Certification Authority Name: MachineDnsName\CAName
  AttributeString - Colon separated Name and Value string pairs
    Each pair separated by a backslash and "n"
    Example: "Name1: Value1\n Name2: Value2"
  PolicyFileIn - INF file containing a textual representation of extensions used to qualify a request

[NewRequest]
  Subject = "CN=..,OU=...,DC=..."
  PrivateKeyArchive = TRUE
  KeySpec = 1
  KeyLength = 1024
  RenewalCert = CertId
  SMIME = TRUE
  Exportable = TRUE
  UserProtected = TRUE
  KeyContainer = "..."
  MachineKeySet = TRUE
  Silent = TRUE
  ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
  ProviderType = 1
  UseExistingKeySet = TRUE
  RequesterName = DOMAIN\User
  RequestType = PKCS10 | PKCS10- | PKCS7 | CMC
  KeyUsage = 0x80
  EncipherOnly = TRUE
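
The answer runs `certreq -new request.inf certnew.req` but does not show the policy file itself. The following is a sketch of a `request.inf` that carries the alternate host name; it is an added example, not part of the original post. It assumes the request goes to a Windows enterprise CA that honours the `SAN` request attribute, and the host names and the `WebServer` template name are placeholders.

```ini
; request.inf - policy file read by: certreq -new request.inf certnew.req
; Added example. Host names are constructed placeholders; replace them
; with the names the site is actually served under.

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=www.example.com"   ; primary host name (placeholder)
KeySpec = 1                      ; key exchange key, as used for SSL/TLS
KeyLength = 2048                 ; the usage text shows 1024; request a longer key
KeyUsage = 0xA0                  ; digital signature + key encipherment
Exportable = FALSE               ; keep the private key non-exportable
MachineKeySet = TRUE             ; machine key store, so the IIS service can use the key
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12                ; provider type matching the SChannel provider
RequestType = CMC                ; one of the RequestType values in the usage text

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1            ; Server Authentication

[RequestAttributes]
; Assumption: enterprise CA with a WebServer template.
; Omit the CertificateTemplate line for a stand-alone CA.
CertificateTemplate = WebServer
; List the primary name again here: clients that find a SAN extension
; match host names against it rather than against the Subject CN.
SAN="dns=www.example.com&dns=alt.example.com"
```

A Windows CA copies the `SAN` attribute into the certificate only when its policy module has the `EDITF_ATTRIBUTESUBJECTALTNAME2` edit flag set, and that flag lets every requester name arbitrary hosts, so on a CA where it is enabled restrict who may enroll or require approval of pending requests. After `certreq -accept cert.cer`, open the installed certificate and confirm that the Subject Alternative Name field lists exactly the names requested.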