Разворачиваем RCA (Microsoft PKI)

Published: 02 September 2023
on channel: Heavily Armed Nerd

721

Установка основного сервера выдачи сертификатов в иерархии PKI

Команды из видео:
notepad C:\Windows\CAPolicy.inf

[Version]
Signature=”$Windows NT$”
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
OID= 1.2.3.4.1455.67.89.5
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
CRLPeriod=Years
CRLPeriodUnits=20
CRLDeltaPeriod=Days
CRLDeltaPeriodUnits=0
LoadDefaultTemplates=0

Define the Active Directory Configuration Partitions Distinguished Name.

certutil -setreg ca\DSConfigDN "CN=configuration,DC=HeavilyArmedNerd,DC=local"

certutil -setreg ca\DSDomain "DC=HeavilyArmedNerd,DC=local"

This will sets the overlap period between the CRL and the Delta CRL.
certutil.exe –setreg CA\CRLOverlapPeriodUnits 3

_______________________________________________________
This command will sets the CRL Overlap Period to weeks.
certutil.exe –setreg CA\CRLOverlapPeriod “Weeks”

_______________________________________________________
This command will sets the maximum certificate validity period of certificates issued by this.
CA
certutil.exe –setreg CA\ValidityPeriodUnits 10

net stop certsvc
net start certsvc

Watch video Разворачиваем RCA (Microsoft PKI) online without registration, duration hours minute second in high quality. This video was added by user Heavily Armed Nerd 02 September 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 72 once and liked it 2 people.

6,97