...

  1. Open Server Manager.
  2. Click on the name of the Manage menu item and select Add roles and components.
  3. In the window Wizard for Adding Roles and Components read the information and click on the Next button.
  4. Set the switch to Install roles or components and click on the Next button.
  5. Set the switch to Select a server from the server pool.
  6. In the table Server pool click on the name of the required server.
  7. Click on the Next button.
  8. Check the box of the Active Directory Certificate Services.
  9. In the window that appears, click on Add components. As a result, a checkbox will be displayed next to the name of the selected server role.
  10. Click on the Next button.
  11. In the window for the selection of components, click on the Next button.
  12. Read the information and click on the Next button.
  13. Select the Certificate Center checkbox and click on the Next button.
  14. To start the installation process, click Install.
  15. Wait for the installation process to complete and click on the [Close] button.
  16. On the left side of the window Server Manager click on the item name Active Directory Certification Services.
  17. Click on the exclamation mark.
  18. Click on the link Configure Active Directory Certificate Services.
  19. Read the information and click on the [Next] button.
  20. Select the Certificate Center checkbox and click on the [Next] button.
  21. Set the switch next to the name of the required CC installation option (in this example, the company's CC is selected) and click [Next].
  22. Set the switch next to the name of the CC type (in this example, select the Root CC, since this will be the main certification center in the domain). Click on the [Next] button.
  23. In the window for specifying the type of private key, specify the secret key that will be used for the certification center (in this example, select Create a new private key, because a secret key for the certification center has not been created before). Click on the [Next] button.
  24. In the next window, to specify the encryption parameters, select an encryption provider in the drop-down list Select an encryption service provider.
  25. In the drop-down list called Key length select the desired value.
  26. Click on the name of the required hash algorithm.
  27. Click on the [Next] button.
  28. In the window to specify the name of the CC, enter the values of all fields and click on [Next].
    The data entered here is informational. It is recommended to fill it in. The abbreviations have the following meanings: "O" - Organization, "OU" - Organization Unit, "L" - City (Location), "S" - State or province, "C" - Country/region, "E" - E-mail.
  29. Enter the validity period of the certificate being created for the CC.
    Upon expiration of the CC certificate, it will be necessary to reissue the certificates to all existing users.
  30. In the field Location of the certificate database enter the path to the certificate database and click [Next].
  31. Read the information and click on the [Configure] button.
  32. Wait for the installation process to complete and click on the [Close] button.
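
The same installation can be scripted with the ADCSDeployment cmdlets, which records the key length, hash algorithm and validity period chosen in steps 24-29. This is an added example, not part of the original page; the provider, key length, hash algorithm, CA name, domain suffix, validity period and paths are assumed values to be replaced with your own.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated PowerShell session on the server that will host the CA.

# Steps 1-15: add the Active Directory Certificate Services role
# with the certification authority role service and its management tools.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Steps 16-32: configure the CA. All values below are assumptions.
$caParams = @{
    CAType                    = 'EnterpriseRootCA'     # steps 21-22: enterprise, root
    CryptoProviderName        = 'RSA#Microsoft Software Key Storage Provider'  # step 24
    KeyLength                 = 2048                   # step 25
    HashAlgorithmName         = 'SHA256'               # step 26
    CACommonName              = 'Example-Root-CA'      # step 28 (hypothetical name)
    CADistinguishedNameSuffix = 'DC=example,DC=local'  # step 28 (hypothetical domain)
    ValidityPeriod            = 'Years'                # step 29
    ValidityPeriodUnits       = 10
    DatabaseDirectory         = 'C:\Windows\System32\CertLog'  # step 30
    LogDirectory              = 'C:\Windows\System32\CertLog'
}
# No existing key or certificate is passed, so a new private key is
# created (step 23). Preview with -WhatIf before the real run.
Install-AdcsCertificationAuthority @caParams -WhatIf
Install-AdcsCertificationAuthority @caParams

# Post-install checks: the CA service is running and the configured
# signing hash algorithm matches what was requested.
Get-Service -Name CertSvc | Select-Object Name, Status
certutil -getreg CA\CSP\CNGHashAlgorithm
```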

Adding Certificate Templates to the Certification Center

...

  1. Open the Control panel.
  2. Double-click on the name of the Administration item.
  3. Double-click on the name of the Certification Center snap-in.
  4. Right-click on the name of the Certificate Templates folder and select the Management item.
  5. Right-click on the template name User with a smart card and select Copy the template. A window called Properties of the new template will open.
  6. Select the following settings:
    The value of the Minimum key size parameter must be at least 1024.
  7. Click on the [Apply] button.
  8. Click on the [OK] button.
  9. Go to the Certification Center window.
  10. Right-click on the name of the Certificate Templates folder.
  11. Select the item Create and subitem Issued certificate template.
  12. In the window called Enabling certificate templates click on the template name Registration agent.
  13. Hold down the [Ctrl] key.
  14. Click on the template name User with RuToken.
  15. Click on the [OK] button.
  16. Close the Certification Center window.
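
A read-only check of the result of this section, as an added example that is not part of the original page: it lists the templates the CA is publishing with their minimum key size, flags any below the 1024 floor from step 6, and marks templates carrying the Certificate Request Agent EKU (the Registration agent template), because certificates from such a template are what allow registering on behalf of other users. It assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example: audit the certificate templates published by the CA.
Import-Module ActiveDirectory

$MinKeySize = 1024                       # floor stated in step 6 above
$AgentEku   = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent EKU

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Names of the templates that enterprise CAs are currently issuing.
$published = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
        -LDAPFilter '(objectClass=pKIEnrollmentService)' `
        -Properties certificateTemplates |
    ForEach-Object { $_.certificateTemplates } |
    Sort-Object -Unique

# Read the relevant settings of each published template.
Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
        -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties displayName, 'msPKI-Minimal-Key-Size',
                    'msPKI-RA-Signature', pKIExtendedKeyUsage |
    Where-Object { $published -contains $_.Name } |
    ForEach-Object {
        $size = $_.'msPKI-Minimal-Key-Size'
        [pscustomobject]@{
            Template          = $_.displayName
            MinKeySize        = $size
            # Only flag templates that actually define a key size.
            BelowFloor        = ($null -ne $size) -and ($size -lt $MinKeySize)
            IsEnrollmentAgent = $_.pKIExtendedKeyUsage -contains $AgentEku
            # Number of agent signatures a request must carry.
            RaSignatures      = $_.'msPKI-RA-Signature'
        }
    } |
    Sort-Object Template |
    Format-Table -AutoSize
```

Rows with IsEnrollmentAgent set to True deserve a review of who holds enroll permission on that template.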

...

To issue certificates for the Administrator user and ordinary users using the mmc console:

  1. Press the [Windows + X] combination and select the menu item Execute.
  2. Enter the command "mmc" and click on the [OK] button.
  3. In the window Console 1 select the File menu item and the subitem Add or remove a snap-in...
  4. On the left side of the window Adding and removing snap-ins click on the name Certificates.
  5. Click on the [Add] button.
  6. In the window that opens, set the switch to My user account and click [Done].
  7. In the window Adding and removing snap-ins click on the [OK] button.
  8. On the left side of the window Console1 click on the Personal folder name.
  9. Click on the Certificates folder name.
  10. In the right part of the window, right-click in an empty space of the window.
  11. Select the item All tasks and the subitem Request a new certificate...
  12. In the window Registration of certificates read the information and click on the [Next] button.
  13. Click on the [Next] button.
  14. Select the Administrator checkbox and click on the [Request] button.
  15. Click on the [Done] button.
  16. On the left side of the window Console1 click on the Personal folder name.
  17. Click on the Certificates folder name.
  18. In the right part of the window, right-click in an empty space of the window.
  19. Select the item All tasks and the subitem Request a new certificate...
  20. Read the information presented in the Registration of certificates window. Click on the [Next] button.
  21. Click on the [Next] button.
  22. Select the Registration agent checkbox and click on the [Request] button.
  23. Click on the [Done] button.
  24. On the left side of the window Console1 click on the Personal folder name.
  25. Right-click on the Certificates folder name and select All tasks.
  26. Select the subitem Additional operations.
  27. Select the subitem Register on behalf of...
  28. Read the information and click on the [Next] button.
  29. Click on the [Next] button.
  30. Click on the [Review...] button.
  31. Click on the name of the certificate belonging to the Registration Agent type (to determine the type of certificate, open the certificate properties).
  32. Click on the [OK] button.
  33. Click on the [Next] button.
  34. Set the switch to User with RuToken and click on the [Next] button.
  35. In the window called Registration of certificates click on [Review...].
  36. In the field Enter the names of the selected objects enter the name of the user to whom the certificate of User with RuToken type will be issued.
  37. Click on [Check the names].
  38. Click on the [OK] button.
  39. The field User name or alias will be filled in automatically.
  40. Click on the [Request] button.
  41. Enter the User's PIN and click on the [OK] button.
  42. Click on the [Close] button.
  43. As a result, the certificate of User with RuToken type is issued and saved on the token.
  44. To view the properties of this certificate, click [View certificate].
  45. To close the certificate window, click on the [OK] button.
  46. In a similar way, issue the certificates for all users who need them. You also need to issue a certificate of User with RuToken type to the Administrator user.

...