您好,最近要考試,然後看到一題考題上面寫
DC是2008
Enterprise root CA是2008R2
Network Device Enrollment Service是2008R2
You need to ensure that all device certificate requests use the MD5 hash algorithm.
然後,答案是這個:On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\ HashAlgorithm\HashAlgorithm registry key.
想請問的是,為何答案是這個,以及DC、CA、NDES這些一個大概的觀念及實務,上網查了很多資料,看了都霧煞煞的~"~
煩請好心人士幫忙解說一下了,謝謝
已邀請的邦友 {{ invite_list.length }}/5
您可參考:
http://technet.microsoft.com/en-us/library/cc753784(WS.10).aspx
摘錄其中一段,如下:
**What new functionality does NDES provide?
In Windows Server 2003, Microsoft® SCEP (MSCEP) was a Windows Server 2003 Resource Kit add-on that had to be installed on the same computer as the CA. In Windows Server 2008, MSCEP support has been renamed NDES and is part of the operating system; NDES can be installed on a different computer from the CA.
What settings are being added or changed?
The NDES extension to IIS uses the registry to store configuration settings. All settings are stored under one registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP**
ps. 考這題未免也難了點,實務上有佈署 PKI 的企業有多少?
iThome鐵人賽
看影片追技術