在 NPS 服务器中测试吊销证书
[英]Testing revoke certificates in NPS server
问题描述
I am testing a NPS server in Windows Server 2022, with PEAP (with certificates), the setup is:
我正在使用 PEAP(带有证书)在 Windows Server 2022 中测试 NPS 服务器,设置为:
- Windows Server 2022 --> AD DS (test.lab), AD CS, NPS Windows 服务器 2022 --> AD DS(测试实验室)、AD CS、NPS
- Windows 10 --> Joined to domain Windows 10 --> 加入域
Certs in Windows Server 2022: Windows Server 2022 中的证书:
NPS configuration:核动力源配置:
Result:结果:
The connection is succesfull, but now, I am trying to revoke the certificate for reject the connection but I dont know how are following steps... I have tried to revoke the certificate with Certificate Authority, but doesn't work连接成功,但现在,我正在尝试吊销拒绝连接的证书,但我不知道如何执行以下步骤...我已尝试通过证书颁发机构吊销证书,但不起作用
1 个解决方案
解决方案1
0 已采纳 2022-04-05 16:43:19
To enable revocation check, please try the following:要启用撤销检查,请尝试以下操作:
- Administrators must enable the RootCertificateNameToAccept parameter and set a registry key to enable functionality.管理员必须启用RootCertificateNameToAccept参数并设置注册表项以启用功能。
- To enable CRL ( Certification revocation List ) for IKEv2 VPN connections,要为 IKEv2 VPN 连接启用 CRL(证书撤销列表),
- Open a PowerShell window and below commands:打开 PowerShell window 及以下命令:
_$Thumbprint = ‘Root CA Certificate Thumbprint’_
_$RootCACert = (Get-ChildItem -Path cert:\LocalMachine\root | Where-Object {$_.Thumbprint -eq $Thumbprint})_
_Set-VpnAuthProtocol -RootCertificateNameToAccept $RootCACert -PassThru_
_New-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2\’ -Name CertAuthFlags -PropertyTYpe DWORD -Value ‘4’ -Force_
_Restart-Service RemoteAccess -PassThru_
Revoking certificates吊销证书
- The administrator must first revoke the certificate on the issuing CA.管理员必须首先撤销颁发 CA 上的证书。
Open a elevated command window and enter the below commands:打开提升的命令 window 并输入以下命令:
_certutil -urlcache * delete_
_certutil -setreg chain\ChainCacheResyncFiletime @now_
- If the above solution doesn't work, please try the following steps:如果上述解决方案不起作用,请尝试以下步骤:
Click start -> Administrative Tools -> Click Certification Authority -> Expand your CA -> Click the Issued Certificates folder -> Select issues certificates -> Click All Tasks -> click Revoke Certificate -> In the Certificate Revocation dialog box -> select Cease of Operation -> click OK点击开始->管理工具->点击证书颁发机构->展开你的CA->点击颁发的证书文件夹->Select颁发证书->点击所有任务->点击吊销证书->在证书吊销对话框中->select停止操作->点击确定
References:参考:
certificate revocation | 证书吊销 | Richard M. Hicks Consulting, Inc. (richardhicks.com) . 理查德·希克斯咨询公司 (richardhicks.com) 。
How to Decommission a Windows Enterprise Certification Authority and How to Remove All Related Objects - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com) . 如何停用 Windows 企业证书颁发机构以及如何删除所有相关对象 - TechNet 文章 - 美国(英语)- TechNet Wiki (microsoft.com) 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.