2009-12-22

SSL憑證轉移

Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates
  1. From the Web server, click Start Run
  2. In the text box, type mmc
  3. Click OK
  4. From the Microsoft Management Console (MMC) menu bar, select Console (in IIS 5.0) or  File (in IIS 6.0) > Add/Remove Snap-in
  5. Click Add
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer account
  9. Click Next
  10. Select Local computer (the computer this console is running on)
  11. Click Finish
  12. In the snap-in list window, click Close
  13. In the Add/Remove Snap-in window, click OK
  14. Save these console settings for future use
Step 2: Export the certificate
1.  Open the Certificates (Local Computer) snap-in you added, and selectPersonal > Certificates
2.  The Subject field of the certificate lists the Common Name (CN). (ClickTools > Internet Options > Content to view the Common Name if you are not sure)
3.  Right-click on the desired certificate and select All Tasks > Export. The Certificate Export Wizard opens
 
4.  Select Yes, export the private key
5.  Click Next
6.  In the Export File Format window, ensure the option for Personal Information Exchange  – PKCS#12 (.pfx) is selected
7.  Select Include all certificates in the certificate path if possible and then click Next. (If you do not select the Include all certificates in the certificate path if possible option, your server may not recognize the issuer of the certificate, which may result in security warnings for your clients.
8.  De-select Require Strong Encryption. (This may cause a password prompt every time an application attempts to access the private key or it may cause IIS to fail).
9.  Click Next
10.  Enter and confirm a password to protect the PFX file and click Next
11.  Choose a file name and location for the export file (do not include an extension in your file name; the wizard automatically adds the PFX extension for you)
12.  Click Next
13.  Read the summary and verify that the information is correct. Pay special attention to where you saved the file. Ensure that the information is correct
14.  Click Finish
Step 3: Import (or move) a Certificate
A. Import the Certificate
1.  Create a Microsoft Management Console (MMC) snap-in for managing certificates, as described in solution SO6127.
 
NOTE:  You must use the Computer Account when creating the Snap-in
2.  Open the Microsoft Management Console (MMC).
3.  On the left pane, click Certificates.
4.  On the right pane, double-click Personal.
5.  On the right pane, right-click Certificates and select All Tasks >Import (this opens the Certificate Import Wizard). Click Next.
6.  Browse to the certificate that you want to import and click Next.
7.  Enter the password used to secure the certificate for export and then click OK.
8.  To export the certificate again from this computer, select Mark the key as exportable.
9.  Select the option Automatically select the certificate store based on the type of certificate. (This ensures all the certificates in the certification path (Root, Intermediate, and Server) are stored in the proper place. Problems may occur if a certificate is placed in the wrong store.) Click Next.
10.  Click Finish. A message confirms successful import. Click OK.
 
B. Assign the Certificate
 
1.  Open the Internet Information Services (IIS) Manager: Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manger.
2.  In the Web Sites section, right-click your Web Site and selectProperties.
3.  Click the Directory Security tab.
4.  In the Secure Communications section, click Server Certificate(this opens the Web Server Certificate Wizard) and then click Next.
5.  Select Assign an existing certificate and then click Next.
6.  Select the certificate to import (denoted by the Common Name) and then click Next.
7.  A summary page displays the details of the certificate that you are installing. Ensure that this information is correct and then click Next.
8.  Click Finish.

2009-12-10

Change the default PORT of RDC

1.開始->執行->輸入regedit->確定
2.HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\Repwd\Tds\Tcp中的PortNumber用十進位改成你想要的Port。
3.HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp中的PortNumber用十進位改成你想要的Port。
4.記得修改防火牆上的設定,新增一個連接埠,輸入剛剛TCP Port。
這樣便完成Server端設定。
至於client端就只要在後面加上192.168.0.1:xxxx,xxxx為剛設的TCP Port,這樣就可以正常使用了。