Vie (0) Tulosta
Laajenna kaikki
EN
Tätä sisältöä ei ole saatavilla kielelläsi. Tässä on englanninkielinen versio.

Certificate Template Server

Applies To: Windows Server 2008 R2

High-volume certificate issuance scenarios such as Network Access Protection (NAP) deployments with Internet Protocol security (IPsec) enforcement create unique public key infrastructure (PKI) needs. To address these needs, the following options introduced in Windows Server 2008 R2 can be used to configure certificate templates for use by high-volume certification authorities (CAs). These options are available on the Server tab of a certificate template's property sheet.

Do not store certificates and requests in the CA database

Certificates issued in high-volume scenarios typically expire within hours of being issued, and the issuing CA processes a high volume of certificate requests. By default, a record of each request and issued certificate is stored in the CA database. A high volume of requests increases the CA database growth rate and administration cost.

The Do not store certificates and requests in the CA database option configures the template so that the CA processes certificate requests without adding records to the CA database.

ImportantImportant
The issuing CA must be configured to support certificate requests that have this option enabled. On the issuing CA, run the following command: CertUtil.exe –SetReg DBFlags +DBFLAGS_ENABLEVOLATILEREQUESTS.

Do not include revocation information in issued certificates

Revocation of certificates by some high-volume CAs is not beneficial because the certificates typically expire within hours of being issued.

The Do not include revocation information in issued certificates option configures the template so that the CA excludes revocation information from issued certificates. This prevents checking revocation status during certificate validation and reduces validation time.

noteNote
This option is recommended whenever the Do not store certificates and requests in the CA database option is used.

Additional references

Oliko tästä apua?
(1500 merkkiä jäljellä)
Kiitos palautteestasi

Yhteisösisältö

Lisää
Näytä:
© 2014 Microsoft