域控制器证书VIP免费

域控制器证书微软支持目前，Microsoft支持第三方域控制器证书应用于智能卡登录。目前，Microsoft不支持第三方域控制器证书使用SMTP方法在域控制器之间复制。不支持第三方ca自动注册和域控制器、计算机证书的续订。域控制器证书要求可以手动为域控制器发布证书。为域控制器颁发的证书必须符合以下特定格式要求：o证书必须有一个指向有效的证书吊销列表(CRL)的CRL分发点扩展。o（可选）证书主区域应包含服务器目录的路径：CN=server1.northwindtraders.comOU=DomainControllersDC=northwwindtradersDC=como证书密钥部分中必须包含：数字签名，加密密钥o（可选）证书基本限制部分应包含：[使用者类型=结束实体，路径长度限制=无]o证书增强密钥部分中必须包含：客户端身份验证（1.3.6.1.5.5.7.3.2）服务器验证(1.3.6.1.5.5.7.3.1)o证书主题名称部分中必须包含域控制器对象在dns目录中的全局唯一标识符(GUID)，例如：Othername：1.3.6.1.4.1.311.25.1=ac4b2906aad65d4fa99c4cbcb06a65d9DNSName=server1.northwindtraders.como证书模板必须具有BMP数据类型的扩展："域控制器"注意dsstore.exe-dcmon命令不能识别没有这些扩展的证书。o您必须使用Schannel加密服务提供程序(CSP)来生成密钥。域控制器证书必须安装在本地计算机的证书存储区中。示例证书X509Certificate:Version:3SerialNumber:61497f5e000000000006SignatureAlgorithm:AlgorithmObjectId:1.2.840.113549.1.1.5sha1RSAAlgorithmParameters:0500..Issuer:CN=TestCADC=northwindtradersDC=comNotBefore:2/12/20013:57PMNotAfter:7/10/200110:24AMSubject:CN=TEST-DC1OU=DomainControllersDC=northwindtradersDC=comPublicKeyAlgorithm:AlgorithmObjectId:1.2.840.113549.1.1.1RSAAlgorithmParameters:0500..PublicKeyLength:1024bitsPublicKey:UnusedBits=0000030818902818100b1c884ceea5cda962300104bd507d727f3761fd30f233f8bfa8b6800203409474af533417786d2d3a734195c49003043bf5a3c25a3776954ad84af20b2c2f6004040f7827fb9b0dbcbdb767c13548e3b5e00509e92a2428d97db0706cc5d7a959f7f8b0060c1697b0a6ae78ffa6bc46023d4038845007083612eb2afa2f969e284d99501c488eb008089165a4da434270203010001CertificateExtensions:91.2.840.113549.1.9.15:Flags=0,Length=37SMIMECapabilities[1]SMIMECapabilityObjectID=1.2.840.113549.3.2Parameters=02020080[2]SMIMECapabilityObjectID=1.2.840.113549.3.4Parameters=02020080[3]SMIMECapabilityObjectID=1.3.14.3.2.7[4]SMIMECapabilityObjectID=1.2.840.113549.3.72.5.29.15:Flags=0,Length=4KeyUsageDigitalSignature,KeyEncipherment(a0)2.5.29.37:Flags=0,Length=16EnhancedKeyUsageClientAuthentication(1.3.6.1.5.5.7.3.2)ServerAuthentication(1.3.6.1.5.5.7.3.1)1.3.6.1.4.1.311.20.2:Flags=0,Length=22CertificateTemplateNameDomainController2.5.29.14:Flags=0,Length=16SubjectKeyIdentifiera820ce65633ecda1c8779744fa28437117e36e842.5.29.35:Flags=0,Length=18AuthorityKeyIdentifierKeyID=44b825f8d953c596e18c14d5e45e333afc227be72.5.29.31:Flags=0,Length=f8CRLDistributionPoints[1]CRLDistributionPointDistributionPointName:FullName:URL=http://test-dc1.northwindtraders.com/CertEnroll/TestCA.crlURL=ldap:///CN=TestCA,CN=test-dc1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=northwindtraders,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint1.3.6.1.5.5.7.1.1:Flags=0,Length=10aAuthorityInformationAccess[1]AuthorityInfoAccessAccessMethod=CertificationAuthorityIssuer(1.3.6.1.5.5.7.48.2)AlternativeName:URL=http://test-dc1.northwindtraders.com/CertEnroll/test-dc1.northwindtraders.com_TestCA.crt[2]AuthorityInfoAccessAccessMethod=CertificationAuthorityIssuer(1.3.6.1.5.5.7.48.2)AlternativeName:URL=ldap:///CN=TestCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=northwindtraders,DC=com?cACertificate?base?objectClass=certificationAuthority2.5.29.17:Flags=0,Length=3dSubjectAlternativeNameOtherName:1.3.6.1.4.1.311.25.1=0410968eead7eebabc4281db4f92f588db4aDNSName=test-dc1.northwindtraders.comSignatureAlgorithm:AlgorithmObjectId:1.2.840.113549.1.1.5sha1RSAAlgorithmParameters:0500..