在 Lync Server 2013 中为用户注册智能卡身份验证Enrolling users for smart card authentication in Lync Server 2013

 

上次修改的主题: 2013-07-03Topic Last Modified: 2013-07-03

为用户注册智能卡身份验证的方法通常有两种。There are generally two methods for enrolling users for smart card authentication. 更简单的方法是让用户使用 web 注册直接注册智能卡身份验证,而更复杂的方法涉及使用注册代理。The easier method involves having users enroll directly for smart card authentication using web enrollment, while the more complex method involves using an enrollment agent. 本主题重点介绍了智能卡证书的自注册。This topic focuses on self-enrollment for smartcard certificates.

有关作为注册代理代表用户注册的详细信息,请参阅在上代表其他用户注册证书 https://go.microsoft.com/fwlink/p/?LinkID=313367For more information on enrolling on behalf of users as an enrollment agent, see Enroll for Certificates on Behalf of Other Users at https://go.microsoft.com/fwlink/p/?LinkID=313367.

为用户注册智能卡身份验证To Enroll Users for Smart Card Authentication

  1. 使用启用了 Lync 的用户的凭据登录到 Windows 8 工作站。Log in to the Windows 8 workstation using the credentials of a Lync-enabled user.

  2. 启动 Internet Explorer。Launch Internet Explorer.

  3. 浏览到 " 证书颁发机构 Web 注册 " 页 (https://MyCA.contoso.com/certsrv) 例如,Browse to the Certificate Authority Web Enrollment page (e.g. https://MyCA.contoso.com/certsrv).

    备注

    如果使用的是 Internet Explorer 10,则可能需要在兼容模式下查看此网站。If you are using Internet Explorer 10, you may need to view this website in Compatibility Mode.

  4. 在 " 欢迎 " 页面上,选择 " 申请证书"。On the Welcome Page, select Request a certificate.

  5. 接下来,选择 " 高级请求"。Next, select Advanced Request.

  6. 选择 " 创建并向此 CA 提交一个请求"。Select Create and submit a request to this CA.

  7. 在 "证书模板" 部分下选择 "智能卡用户",并使用以下值完成高级证书请求:Select Smartcard User under the Certificate Template section and complete the advanced certificate request with the following values:

    • 主要选项 确认他的以下设置:Key Options confirm he following settings:

      • 选择 " 创建新密钥集 " 单选按钮Select the Create new key set radio button

      • 对于 CSP,选择 Microsoft 基本智能卡加密提供程序For CSP, select Microsoft Base Smart Card Crypto Provider

      • 若要 使用密钥,请选择 " Exchange (这是唯一可) 的选项。For Key Usage, select Exchange (this is the only option available).

      • 对于 密钥大小,请输入 2048For Key Size, enter 2048

      • 确认已选择 " 自动密钥容器名称 "Confirm that Automatic key container name is selected

      • 将其他框保留为未选中状态。Leave the other boxes unchecked.

    • 在 " 其他选项 " 下,确认以下值:Under Additional Options confirm the following values:

      • 对于 请求格式 ,请选择 CMCFor Request Format select CMC.

      • 对于 哈希算法 ,请选择 " sha1"。For Hash Algorithm select sha1.

      • 对于 友好名称 ,请输入 Smardcard 证书For Friendly Name enter Smardcard Certificate.

  8. 如果使用的是物理智能卡读取器,请将智能卡插入设备中。If you are using a physical smartcard reader, insert the smart card into the device.

  9. 单击 " 提交 " 以提交证书请求。Click Submit to submit the certificate request.

  10. 出现提示时,请输入用于创建虚拟智能卡的 PIN。When prompted, enter the PIN that was used to create the virtual smart card.

    备注

    默认的虚拟智能卡 PIN 值为 "12345678"。The default virtual smart card PIN value is ‘12345678’.

  11. 颁发证书后,单击 " 安装此证书 " 以完成注册过程。Once the certificate has been issued, click Install this certificate to complete the enrollment process.

    备注

    如果您的证书请求失败,并出现错误 "此 Web 浏览器不支持生成证书请求",则有三种可能的方法可以解决此问题:If your certificate request fails with the error “This Web browser does not support the generation of certificate requests,” there are three possible ways to resolve the issue:

    1. 在 Internet Explorer 中启用兼容性视图Enable Compatibility View in Internet Explorer

    2. 启用 Internet Explorer 中的 "打开 Intranet 设置" 选项Enable the Turn on Intranet settings option in Internet Explorer

    3. 在 "Internet Explorer 选项" 菜单中的 "安全" 选项卡下,选择 "将所有区域重置为默认级别" 设置。Select the Reset all zones to default level setting under the Security tab in the Internet Explorer options menu.