{"id":157,"date":"2016-11-28T16:11:50","date_gmt":"2016-11-28T08:11:50","guid":{"rendered":"https:\/\/rol801.com\/wordpress\/?p=157"},"modified":"2016-11-28T16:11:50","modified_gmt":"2016-11-28T08:11:50","slug":"rodc-remote-desktop-gateway-remote-desktop-authentication-certificate","status":"publish","type":"post","link":"https:\/\/rol801.com\/wordpress\/?p=157","title":{"rendered":"RODC + Remote Desktop Gateway + Remote Desktop Authentication Certificate"},"content":{"rendered":"

\u6709\u8da3\u53c8\u53e4\u602a\u5605buildup\u3002
\n\u4fc2\u7528\u5605benifits \u7d55\u5c0d\u6709\uff0c\u81ea\u5df1\u7528Mac\u4fc2\u6709\u7528VPN\u540c\u5187\uff0c\u96fb\u529b\u8010\u7528\u660e\u986f\u6709\u589e\u52a0.<\/p>\n

\u6574\u9ad4Concept\u975e\u5e38\u7c21\u55ae\u3002 RDP over SSL\uff0c\u5373\u4fc2\u53ef\u4ee5\u4ee3\u8868\u66ff\u5514\u9700\u8981VPN.<\/p>\n

Microsoft \u6709\u4e09\u500b\u505a\u6cd5\uff0c\u4f46\u4fc2\u81ea\u5df1\u89ba\u5f97\u7528RODC Extend\u96bbAD\u9ede\u90fd\u6703\u6709\u7528\u3002\"clip_image010_thumb\"<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Deploy RODC \u7d55\u5c0d\u5514\u96e3\uff0c
\nPre-config \u5b9aRODC Machine account \u540c\u653e\u5920\u7528\u5605Port\u5c31\u4e00\u5b9ajoin\u5230\u3002<\/p>\n

\u4f46\u4fc2Member server join\u5c31\u958b\u59cb\u5947\u602a\u3002 \u81ea\u5df1\u5605\u505a\u6cd5\u4fc2\u5148\u4fc2RODC\u7528command gen\u597dfile\uff0c\u4e4b\u5f8c\u518d\u4fc2target server load\u8fd4\u500bfile.<\/p>\n

Provision – File Generation \/ File Load<\/p>\n

djoin \/provision \/domain <domain_name> \/machine <destination computer> \/savefile <filename.txt> [\/machineou <OU name>] [\/dcname <name of domain controller>] [\/reuse] [\/downlevel] [\/defpwd] [\/nosearch] [\/printblob] [\/rootcacerts] [\/certtemplate <name>] [\/policynames <name(s)>] [\/policypaths <Path(s)>]<\/pre>\n
djoin \/requestodj \/loadfile <filename.txt> \/windowspath <path to the Windows directory of the offline image> \/localos<\/pre>\n
\u7576\u5168\u90e8setup\u597d\uff0c\u5c31\u5269\u4e0bAdd Role\uff0c \u975e\u5e38\u7c21\u55ae\u3002 \u53ea\u4fc2allow authorize user group\u7528\u5c31\u5b8c\u6210.<\/p>\n
\u4fc2setup \u5b8c\u6210\u5f8c\uff0c\u518d\u9032\u4e00\u6b65\u8ad7\u518d\u5c07Trust Network\u5165\u9762\u6240\u4ee5\u6709\u6a5fRemoteDesktop Auth \u5605 Self-Signed Cert \u8f49\u6210internalCA\u00a0 sign<\/p>\n
\u540c\u6a23\u5730\uff0c Trust Zone\u8f49\u597d\u6613\uff0c \u4f46\u4fc2DMZ\u5165\u9762\u5605Member Server\u4ea6\u9700\u8981\u66f4\u591aprocedure, \u9700\u8981\u5b89\u88ddCertificate Enrollment Web Services(Username Password), \u65b0\u5605Certificate Template for DMZ,\u540c\u6700\u5f8c\u9700\u8981command\u624b\u52d5\u8f49Remote Desktop Listener Cert<\/p>\n
Reference:<\/p>\n
Remote Desktop Gateway<\/p>\n
https:\/\/blogs.technet.microsoft.com\/enterprisemobility\/2009\/07\/31\/rd-gateway-deployment-in-a-perimeter-network-firewall-rules\/<\/a><\/p>\n
http:\/\/www.lemonbits.com\/2014\/06\/20\/installing-standalone-remote-desktop-gateway-on-the-windows-server-2012-r2-without-complete-remote-desktop-services-infrastructure\/<\/a><\/p>\n
RODC Setup<\/p>\n
https:\/\/technet.microsoft.com\/en-us\/library\/dd728035(WS.10).aspx#run_join_script<\/a><\/p>\n
Offline Join<\/p>\n
https:\/\/technet.microsoft.com\/en-us\/library\/offline-domain-join-djoin-step-by-step(WS.10).aspx<\/a><\/p>\n
Trusted Remote Desktop Auth Certificate<\/p>\n
https:\/\/www.derekseaman.com\/2013\/01\/creating-custom-remote-desktop-services.html<\/a><\/p>\n
Certificate Enrollment Web Services<\/p>\n
 https:\/\/blogs.technet.microsoft.com\/askds\/2010\/05\/25\/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates\/<\/a><\/p>\n
Remote Desktop Listener Certificate<\/p>\n
https:\/\/support.microsoft.com\/en-us\/kb\/3042780<\/a><\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
\u6709\u8da3\u53c8\u53e4\u602a\u5605buildup\u3002 \u4fc2\u7528\u5605benifits \u7d55\u5c0d\u6709\uff0c\u81ea\u5df1\u7528Mac\u4fc2\u6709\u7528VPN\u540c\u5187\uff0c\u96fb\u529b\u8010\u7528\u660e\u986f\u6709\u589e\u52a0. \u6574\u9ad4Concept\u975e\u5e38\u7c21\u55ae\u3002 RDP over SSL\uff0c\u5373\u4fc2\u53ef\u4ee5\u4ee3\u8868\u66ff\u5514\u9700\u8981VPN. Microsoft \u6709\u4e09\u500b\u505a\u6cd5\uff0c\u4f46\u4fc2\u81ea\u5df1\u89ba\u5f97\u7528RODC Extend\u96bbAD\u9ede\u90fd\u6703\u6709\u7528\u3002             Deploy RODC \u7d55\u5c0d\u5514\u96e3\uff0c Pre-config \u5b9aRODC Machine account \u540c\u653e\u5920\u7528\u5605Port\u5c31\u4e00\u5b9ajoin\u5230\u3002 \u4f46\u4fc2Member server join\u5c31\u958b\u59cb\u5947\u602a\u3002 \u81ea\u5df1\u5605\u505a\u6cd5\u4fc2\u5148\u4fc2RODC\u7528command gen\u597dfile\uff0c\u4e4b\u5f8c\u518d\u4fc2target server load\u8fd4\u500bfile. Provision – File Generation \/ File Load djoin \/provision \/domain <domain_name> \/machine <destination computer> \/savefile <filename.txt> [\/machineou <OU name>] [\/dcname <name of domain controller>] … Continue reading “RODC + Remote Desktop Gateway + Remote Desktop Authentication Certificate”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2,3],"tags":[],"class_list":["post-157","post","type-post","status-publish","format-standard","hentry","category-it","category-microsoft"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p71O8A-2x","jetpack-related-posts":[{"id":306,"url":"https:\/\/rol801.com\/wordpress\/?p=306","url_meta":{"origin":157,"position":0},"title":"Kerberos Double Hop Setup \u5099\u5fd8","author":"rol801","date":"April 7, 2018","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 Kerberos -\u00a0\u5c0d\u65bc\u81ea\u5df1\u569f\u8b1b\u53eb\u505a\u5e38\u7528\uff0c\u4f46\u4fc2\u6709\u6642\u5019\u90fd\u6703\u5fd8\u8a18\u4e00\u5572\u7279\u5225\u5605Implementation \u65b9\u6cd5\u3002Double Hop \u6b63\u6b63\u4fc2\u81ea\u5df1\u6703\u5fd8\u8a18\u5605\u4e00\u7a2e\u3002 \u5148\u8b1b\u54a9\u4fc2 Single Hop \uff0f Double Hop\u3002 \u00a0 \u9867\u540d\u601d\u7fa9 Single Hop > \u5e73\u5e38 \u5e38\u7528\u5605\u5ea6\u6cd5\uff0c\u597d\u4f3cShare Point\u5481 Double Hop > \u540cSingle Hop \u5605\u5225\u5c31\u4fc2\u6703\u518d\u7528Kerberos\u53bbConnect \u53e6\u4e00\u500bSource\u3002 \uff08\u6ce8\u610f\uff1a\u4fc2\u5169\u6b21Kerberos\uff0c\u6211\u6703\u5e38\u5e38\u5fd8\u8a18\u5605\u5c31\u4fc2\u7b2c\u4e8c\u5c64\u7121\u7528Kerberos\u5605\u99c1\u6cd5\u800cFail Error 401) \u4e0b\u9762\u7b2c\u4e00\u689dReference URL \u4fc2\u975e\u5e38\u6e05\u6670Setup Guide\u3002 \u800c\u5e38\u7528Kerberos Hop\u4fc2 IIS Virtual Directory\u6307\u4fc2 UNC Path \u81ea\u5df1\u559c\u6b61\u7528\u5605\u65b9\u6cd5\u540cArticle \u8b1b\u5605\u6709\u5572\u5514\u540c \u5230\u6cd5\u5982\u4e0b - IIS WebSite\u2026","rel":"","context":"In "IT"","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/04\/Kerberos_DoubleHop.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/04\/Kerberos_DoubleHop.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/04\/Kerberos_DoubleHop.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":134,"url":"https:\/\/rol801.com\/wordpress\/?p=134","url_meta":{"origin":157,"position":1},"title":"\u521d\u8a66SAML\u5927\u96c6\u6703 …..  1.OKTA 2.Sales Force 3.ADFS","author":"rol801","date":"October 15, 2016","format":false,"excerpt":"\u00a0 \u7d55\u5c0d\u4fc2\u65b0\u6311\u6230 !!!!! SAML\u00a0\u00a0\u00a0\u00a0\u00a0 \u4e00\u76f4\u4fc2\u4ee5\u5f80\u5514\u591a\u6562\u53bb\u6382\u5605\u91ce\u3002\u76f8\u6bd4Kerberos\uff0cSAML\u6709\u81ea\u5df1\u89ba\u5f97\u597d\u96e3\u7747\u5605XML (Recursive xml\uff09\u3002\u8ad7\u8d77\u90fd\u6015\u6015\u3002\u6015\u6015\u3002 \u57fa\u5982\u569f\u7dca\u597d\u9ad8\u6a5f\u6703\u8981\u7528\u540c\u81ea\u5df1\u5605\u672a\u96e8\u7da2\u7e46\uff0c\u6c7a\u5b9a\u653e\u624b\u7747\u7747\u4f62...... \u7b2c\u4e00\u4fc2\u6435\u7528\u5605IdP\uff08Identity Provider) \u540cSP(Service Provider) \u96d6\u7136\u5df2\u7d93\u6709ADFS\u4fc2\u5230\u53ef\u7528\uff0c \u4f46\u4fc2ADFS\u5514\u4fc2\u5462\u500b\u4eca\u6b21Buildup\u6700\u521d\u6703\u7528\u5605\u3002 SalesForce\u5df2\u77e5\u5605\u4fc2\u5927\u8def\u5605Service Provider\u3002\u3002 Production \u8981\u9322\u7121\u53ef\u80fd\u3002\u4f46\u4fc2Developer Edition\u4fc2\u5169\u500bUser\u514d\u8cbb \uff0c\u672a\u6435\u5230\u6709\u7121Support\u3002 \u8d85\u5b64\u5bd2\u3002\u3002\u3002\u3002 \u5df2IdP\u4fc2\u6435\u5605\u7576\u4e2d\u7747\u5230OKTA\u3002\u3002 \u4f62\u5c0d\u6bd4\u597d\u5572\u3002 \u4e09\u500bApp\uff0c\u4e00\u767e\u500bUser\u4fc2\u6c38\u4e45\u514d\u8cbb\uff0c\u4ea6\u6709Support\u3002 \u597d\u5572 \u597d\u3002\u3002\u3002 \u6e96\u5099\u5b8c\u6210\u3002\u3002 \u958b\u5de5 \u5927\u81f3\u4e0a\u5605Concept AD \u4fc2Identity\u00a0 Source\uff0c \u6700\u521d\u4ee4\u81ea\u5df1\u4e82\u5605\u4fc2\u9ede\u958bOKTA\u5605UserID. \u56e0\u70ba\u4fc2\u672a\u5b89OKTA Agent\u540cAD link\u57cb\u4e4b\u524d\u3002 OKTA \u81ea\u5df1\u5605user account\u90fd\u4fc2\u7528\u540c\u4e00\u500bdomain suffix. Password \u4e00\u6a23\u6703\u96e3\u53bb\u78ba\u5b9a\u3002 \u4f46\u4fc2\u767c\u73fe\u7576\u5b89\u5b8cOKTA Agent match \u597duser\u4e4b\u5f8c\u3002 \u4fc2\u5f97\u8fd4AD password. \u5373\u4fc2\u5514\u9700\u8981\u6435account \u505alocal\u2026","rel":"","context":"In "ADFS"","block_context":{"text":"ADFS","link":"https:\/\/rol801.com\/wordpress\/?cat=13"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/10\/ADFSSalesforceConfig.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/10\/ADFSSalesforceConfig.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/10\/ADFSSalesforceConfig.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/10\/ADFSSalesforceConfig.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/10\/ADFSSalesforceConfig.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":295,"url":"https:\/\/rol801.com\/wordpress\/?p=295","url_meta":{"origin":157,"position":2},"title":"Azure AD Seamless SSO","author":"rol801","date":"February 28, 2018","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 Seamless SSO\uff0c\u4e00\u500b\u66fe\u7d93\u89ba\u5f97\u597d\u96e3\u597d\u96e3\u5605\u6771\u6771\u3002\u4f46\u4fc2\u7d93\u904e\u5462\u5169\u4e09\u5e74\u524dConfigure Kerberos\uff0c\u540c\u958b\u59cb\u63a5\u89f8SAML\u5f8c\u5f97\u5230\u5605\u7d93\u9a57\u3002 Seamless SSO\u5514\u518d\u4fc2\u5481\u96e3\u4ee5\u89f8\u6478\u3002 \u7b2c\u4e00\uff0c\u90fd\u4fc2\u8981\u591a\u8b1d\u6211\u54cb\u5049\u5927\u5605Microsoft\u3002Azure AD\u4fc2\u4e0a\u5e74\u4e5d\u6708\u5de6\u53f3\u5605Update\u3002 Pass-Through Authentication\u3002Microsoft \u89e3\u91cbBenefit\u4fc2Authentication\u6703\u8fd4\u8fd4OnPremises AD\u505a\uff0c\u53ef\u4ee5\u5514\u9700\u8981\u958bPassword Sync\u3002 \u4fc2\u53e6\u4e00\u65b9\u9762\uff0c\u96d6\u7136\u5df2\u7d93\u6709ADFS WAP\uff0c\u4f46\u4fc2\u4fc2DMZ\u5605\u95dc\u4fc2\uff0c\u4fc2\u7121join AD\u3002\u6240\u4ee5Azure Pre-Authentication\u4fc2\u7528\u5514\u5230\u3002\u4fc2\u53e6\u4e00\u65b9\u9762\uff0c\u96d6\u7136\u5df2\u7d93\u6709ADFS WAP\uff0c\u4f46\u4fc2\u4fc2DMZ\u5605\u95dc\u4fc2\uff0c\u4fc2\u7121join AD\u3002\u6240\u4ee5Azure Pre-Authentication\u4fc2\u7528\u5514\u5230\u3002\u4f46\u4fc2\u7528Application Proxy Connector\u5c31\u7121\u5462\u500b\u9650\u5236\u3002Application Proxy Connector\u53ef\u4ee5\u5b89\u88dd\u4fc2\u4efb\u4f55\u4e00\u90e8Domain Joined Server\u3002\u4fc2\u5462\u500b\u56e0\u7d20\u4e4b\u4e0b\uff0cMachine Account \u884c Kerberos\u5c31\u7d55\u5c0d\u7121\u96e3\u5ea6\u3002 \u6b65\u9a5f\u53ef\u4ee5\u7167\u8ddfMicrosoft\u3002\u8b02\u7368\u6709\u4e00\u500bStep\u4ee4\u6211\u7279\u5225\u7559\u610f\uff0c\u56e0\u70ba\u540c\u4ee5\u5f80Configure KCD\u5514\u540c\u3002Common\u4fc2Delegation - \"Trust this computer for delegation to specified services only\" \u4e0b\u9762\u5605Section\u4fc2\u63c0\u00a0\"Kerberos only\"\uff0c\u4f46\u4fc2\u4eca\u6b21Config Application Proxy Delegation\u4fc2\u7528\"Use Any\u2026","rel":"","context":"In "Azure AD"","block_context":{"text":"Azure AD","link":"https:\/\/rol801.com\/wordpress\/?cat=14"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/microsoft-azure-640x401.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/microsoft-azure-640x401.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/microsoft-azure-640x401.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":189,"url":"https:\/\/rol801.com\/wordpress\/?p=189","url_meta":{"origin":157,"position":3},"title":"Microsoft ActiveSync – New EAS Website with Certificate Base Authentication(CBA) in same server","author":"rol801","date":"May 12, 2017","format":false,"excerpt":"\u70ba\u5de6\u5514\u4f7f\u8d77\u591a\u90e8CAS\uff0c\u4f46\u53c8\u53ef\u4ee5\u8a66CBA\uff0c \u53ea\u4fc2\u7528\u52a0\u591a\u4e00\u5f35NIC\uff0c\u591a\u4e00\u7c92IP\u3002 \u7d55\u5c0d\u4fc2\u5feb\u975a\u6b63\u3002 \u4f46\u4fc2\uff0c\u4fc2deployment\u5605\u904e\u7a0b\uff0c\u4fc2\u7d55\u5c0d\u4ffeExchange\/IIS\u73a9\u6b7b\u3002 \u5462\u4e0bWebsite\u5605\u6b65\u9a5f\u7d55\u5c0d\u7121\u932f\uff08\u63a8\u85a6\u7b2c\u4e00\u500b\uff09 \u9047\u5230\u554f\u984c\u5982\u4e0b 1\u3002\u540c\u4e00\u5f35NIC\u7528\u4e8c\u7c92IP\uff0c\u4fc2setup\u6642\u6703\u884d\u751fHost \u932fIP\u554f\u984c\uff0c\u6240\u4ee5\u5514\u5efa\u8b70 2\u3002\u7576\u4e2d\u907f\u514d\u7528IIS\u53bbSet\uff0c\u7279\u5225\u4fc2Step 11\u958bclientCertificateMappingAuthentication\uff0c\u540c\u57cb\u6700\u5c3eenable \"Require Client Certificate\" \u96d6\u7136\u4fc2IIS\u90fd\u6703\u6539\u5230\uff0c\u4f46\u4fc2\u5049\u5927\u5605M\uff04\u8a71Exchange \u91ce\u61c9\u8a72\u8fd4Exchange Admin Center\uff08EAC\uff09\u505a\uff0c\u540cSharePoint \u4e00\u6a23...... \u5514\u76f8\u4fe1....\u6211\u81ea\u5df1\u5f97\u5230\u5605\u4ee3\u50f9\uff0c\u5c31\u4fc2\u5514\u540c\u5605IIS Error\u3002\u3002 \u53ef\u80fd\u4fc2403.7 \uff0c\u63a5403.16........ \u518d\u5514\u4fc2\uff0c\u51faError 500\u3002\u3002\u606d\u559c\uff5eGameOver\u3002\u3002\u3002 \u9047\u904e\u597d\u5e7e\u6b21\uff0c\u8981delete site\uff0c\u7531\u982d\u518d\u569f..... 3\u3002EWS IIS Error 413, \u5514Fix, Notification\u4ea6\u6703\u505c\u5514work \u9700\u8981\u6539\u4ee5\u4e0b C:\\Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\autodiscover\\web.config C:\\Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\ews\\web.config 2. Replace the value \"uploadReadAheadSize\" of 0 to 1048576 (bytes) in\u2026","rel":"","context":"In "IT"","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/08\/images.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":216,"url":"https:\/\/rol801.com\/wordpress\/?p=216","url_meta":{"origin":157,"position":4},"title":"Active Directory Certificate Authority Sha1 to Sha2 Migration \u5be6\u9304","author":"rol801","date":"June 30, 2017","format":false,"excerpt":"\u00a0 \u505aPKI\uff0c\u73a9Cert related \u5605\u6771\u6771\u3002\u5514\u4fc2Public \uff0c \u5c31\u4fc2Private\u3002 Public Cert \u5927\u591a\u4fc2\u7528$$\u89e3\u6c7a\u5230\u3002\u4f46\u4fc2Internal CA\u5514\u540c\uff0c\u6574\u500bCA\u53c8\u8d77\uff0c\u751fTemplate \u53bb\u5230\u6d3eCert\u90fd\u8981\u7406\u3002 \u8d77\u5514\u96e3\u3002 \u4f46\u4fc2Cert\u505aMigration\uff0c\u751a\u81f3\u56e0\u70bahash algorithm \u9032\u6b65\u5df2\u986f\u751f\u5605\u554f\u984c\u5148\u4fc2\u96e3\u3002 \u57fa\u65bcSha1\u5df2\u7d93\u5514\u5b89\u5168\uff0c\u800cWindows Server 2003 base CA \u5605 \"Microsoft Strong Cryptographic Provider\" \u4ea6\u5514Support SHA2\u3002\u6240\u4ee5\u9700\u8981Migrate \u517c\u8f49\u53bb\u65b0\u5605 Key Storage Provider (KSP) Backup , Migration, Restore Procedure \u8ddfM$ Article \u90fd\u91cdOK\u3002CA Backup, Registry \u540cCA Root Cert\/ Private Key \u7d55\u5c0d\u5514\u53ef\u4ee5\u61f6\u3002 \u81ea\u5df1\u4fc2\u5462\u500bmigration\u6574\u944a\u500b\u4e00\u6b21\uff0c\u7121backup\u795e\u4ed9\u90fd\u96e3\u6551..................... \u4e0b\u9762\u7b2c\u4e00\u689dlink\u2026","rel":"","context":"In "IT"","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":93,"url":"https:\/\/rol801.com\/wordpress\/?p=93","url_meta":{"origin":157,"position":5},"title":"Postfix incoming\/outgoing mail routing \u5be6\u4f5c","author":"rol801","date":"February 17, 2016","format":false,"excerpt":"\u00a0 \u73a9\u81ea\u5df1\u96bbDomain Linux server\u5481\u591a\u5e74.\u5f9e\u4f86\u90fd\u7121\u9ede\u8ad7\u8981\u591a\u6a5f\u9eceform Infra. \u54e9\u500b\u661f\u671f\u7d42\u65bc\u51fa\u73fe \u9700\u8981prepare Zimbra \u800c\u6709\u5462\u500b\u505a\u6cd5\u5605\u9700\u8981\u3002 \u7686\u56e0\u5514\u60f3\u6d6a\u8cbb N\u5e74\u524d\u8d77\u843d\u5605 CentOS server. \u4f5c\u70baSMTP gateway \u4ea6\u5514\u9700\u8981\u518dreg DNS Record. Outbound SMTP relay \u505a\u5f97\u591a\u3002 \u4f46\u4fc2Inbound\u7d55\u5c0d\u4fc2\u7b2c\u4e00\u6b21\u3002 \u904e\u7a0b\u6574\u8db3\u4e00\u65e5\uff0c\u4f46\u4fc2\u660e\u767d\u4e4b\u5f8c\u7d55\u5c0d\u53ef\u4ee5\u518d\u8ad7\u5f97\u66f4\u8907\u96dc\u3002 \u57fa\u672c\u9700\u6c42\u3002\u3002 \u540c\u4e00Domain\u4e0b\uff0c\u9ece\u7dcaZimbra email\u5605email\u6703\u7d93\u820aserver(Gateway) route\uff08relay)\u5165\uff0c\u00a0 Outbound \u540c\u6a23 relay \u51fa\u3002 \u4f46\u4fc2\u552f\u4e00exception.\u56e0\u70ba\u820aServer\u5df2\u6709\u81ea\u5df1account\u7528\u7dca\uff0c\u9700\u8981keep\u4f4f\u5514\u53ef\u4ee5\u6bd4account\u5605email \u90fdroute\u8d70\u3002 \u9996\u5148\u8981\u4fc2 postfix \u65e2config \/ect\/postfix\/main.cf,\u00a0 \u52a0\u5462\u53e5 \"transport_maps = hash:\/etc\/postfix\/transport\" \u4e4b\u5f8c\u6232\u8089\uff0c\u4fc2 \/etc\/postfix\/transport \u5165\u9762\u6700\u4f4e, \u52a0\u4ee5\u4e0b \u81ea\u5df1\u8981\u7559\u4f4f\u5514route\u5605email address , \u63a5\u4f4f\u4fc2\u81ea\u5df1\u6a5f\u5668\u6536\u2026","rel":"","context":"In "IT"","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"Integrations-Postfix-340x216","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/02\/Integrations-Postfix-340x216.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=157"}],"version-history":[{"count":2,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/157\/revisions"}],"predecessor-version":[{"id":160,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/157\/revisions\/160"}],"wp:attachment":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}