在 Lync Server 2013 中登記智慧卡驗證的使用者Enrolling users for smart card authentication in Lync Server 2013

 

主題上次修改日期: 2013-07-03Topic Last Modified: 2013-07-03

有兩種方法可供您登記智慧卡驗證的使用者。There are generally two methods for enrolling users for smart card authentication. 較簡單的方法是讓使用者直接註冊使用 web 註冊的智慧卡驗證,而更複雜的方法則是使用註冊代理程式。The easier method involves having users enroll directly for smart card authentication using web enrollment, while the more complex method involves using an enrollment agent. 本主題著重于智慧卡憑證的自我註冊。This topic focuses on self-enrollment for smartcard certificates.

如需以登錄代理程式的身分登記使用者的詳細資訊,請參閱在上註冊憑證的其他使用者 https://go.microsoft.com/fwlink/p/?LinkID=313367For more information on enrolling on behalf of users as an enrollment agent, see Enroll for Certificates on Behalf of Other Users at https://go.microsoft.com/fwlink/p/?LinkID=313367.

註冊使用者的智慧卡驗證To Enroll Users for Smart Card Authentication

  1. 使用啟用 Lync 功能之使用者的認證登入 Windows 8 工作站。Log in to the Windows 8 workstation using the credentials of a Lync-enabled user.

  2. 啟動 Internet Explorer。Launch Internet Explorer.

  3. 流覽至 [ 憑證授權單位 Web 登記 ] 頁面 (https://MyCA.contoso.com/certsrv) 例如,Browse to the Certificate Authority Web Enrollment page (e.g. https://MyCA.contoso.com/certsrv).

    注意

    如果您使用的是 Internet Explorer 10,您可能需要在相容性模式中查看此網站。If you are using Internet Explorer 10, you may need to view this website in Compatibility Mode.

  4. 在 [ 歡迎 ] 頁面上,選取 [ 要求憑證]。On the Welcome Page, select Request a certificate.

  5. 接下來,選取 [ 高級要求]。Next, select Advanced Request.

  6. 選取 [ 建立並提交此 CA 的要求]。Select Create and submit a request to this CA.

  7. 在 [憑證範本] 區段中選取 [智慧卡使用者],並以下列值完成「高級憑證要求」:Select Smartcard User under the Certificate Template section and complete the advanced certificate request with the following values:

    • 主要選項 確認他的下列設定:Key Options confirm he following settings:

      • 選取 [ 建立新的按鍵集 ] 選項按鈕Select the Create new key set radio button

      • 若為CSP,請選取 [ Microsoft 基本智慧卡加密提供者]For CSP, select Microsoft Base Smart Card Crypto Provider

      • 如需 主要用法,請選取 [ Exchange (這是唯一可用的選項) 。For Key Usage, select Exchange (this is the only option available).

      • 若為 金鑰大小,請輸入 2048For Key Size, enter 2048

      • 確認已選取 [ 自動機碼容器名稱 ]Confirm that Automatic key container name is selected

      • 請不要選取其他方塊。Leave the other boxes unchecked.

    • 在 [ 其他選項 ] 下,確認下列值:Under Additional Options confirm the following values:

      • 若為 要求格式 ,請選取 CMCFor Request Format select CMC.

      • 若為 雜湊演算法 ,請選取 sha1For Hash Algorithm select sha1.

      • 若為 易記名稱 ,請輸入 Smardcard 憑證For Friendly Name enter Smardcard Certificate.

  8. 如果您使用的是實體智慧卡讀卡機,請將智慧卡插入裝置中。If you are using a physical smartcard reader, insert the smart card into the device.

  9. 按一下 [ 提交 ] 提交憑證要求。Click Submit to submit the certificate request.

  10. 出現提示時,請輸入用來建立虛擬智慧卡的 PIN 碼。When prompted, enter the PIN that was used to create the virtual smart card.

    注意

    預設虛擬智慧卡 PIN 碼值為 ' 12345678 '。The default virtual smart card PIN value is ‘12345678’.

  11. 簽發憑證後,按一下 [ 安裝此憑證 ] 以完成註冊程式。Once the certificate has been issued, click Install this certificate to complete the enrollment process.

    注意

    如果憑證要求失敗,錯誤為「此網頁瀏覽器不支援產生憑證要求」,有三種方法可以解決問題:If your certificate request fails with the error “This Web browser does not support the generation of certificate requests,” there are three possible ways to resolve the issue:

    1. 在 Internet Explorer 中啟用相容性檢視Enable Compatibility View in Internet Explorer

    2. 在 Internet Explorer 中啟用 [開啟內部網路設定] 選項Enable the Turn on Intranet settings option in Internet Explorer

    3. 選取 [Internet Explorer 選項] 功能表中 [安全性] 索引標籤底下的 [將所有區域重設為預設層級] 設定。Select the Reset all zones to default level setting under the Security tab in the Internet Explorer options menu.