CAPolicy.inf 和 Install-AdcsCertificationAuthority

tag-icon tag-icon certificate-authority windows-server-2019
CAPolicy.inf 和 Install-AdcsCertificationAuthority

我正在创建 2 层 PKI,想知道为什么这么多教程都创建这样的 capolicy.inf

[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
OID= 1.2.3.4.1455.67.89.5
URL=http://pki.bedrock.domain/pki/cps.html
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
CRLPeriod=Years
CRLPeriodUnits=20
CRLDeltaPeriod=Days
CRLDeltaPeriodUnits=0
LoadDefaultTemplates=0

然后运行这样的 cmdlet

Install-AdcsCertificationAuthority -CAType StandaloneRootCA -CACommonName "Bedrock Root Certificate Authority" -KeyLength 4096 -HashAlgorithm SHA256 -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -ValidityPeriod Years -ValidityPeriodUnits 20 -Force

我不太了解 CA,但似乎我们正在加倍努力,如下所示:

CRLPeriod=Years
CRLPeriodUnits=20

和这里

-ValidityPeriod Years -ValidityPeriodUnits 20

我们配置相同的东西。

例子: https://timothygruber.com/pki/deploy-a-pki-on-windows-server-2016-part-3/

而且不只是这个教程,还有很多教程。肯定有些地方我不明白,如果有人能解释一下就好了。

答案1

我想我找到了答案,这些是不一样的:

https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/prepare-the-capolicy-inf-file

相关内容