Sharepoint 2013上的证书问题 [英] Certificate problems on sharepoint 2013

问题描述

我有两个仅供内部网使用的共享点网站，我已经在域服务器上安装了证书CA，然后在共享点服务器上从CA创建了通配符(* .mydomain.local)域证书，并将其分配给了站点. -到目前为止，每个人都很好 域计算机进入共享点站点没有SSL警告.但是我也有许多非域计算机，并且这些计算机会收到有关证书"DLG_FLAGS_INVALID_CA"错误的红色警告

I have two sharepoint websites for intranet purposes only, I have installed Certificate CA on domain server and then on sharepoint server created wildcard (*.mydomain.local)Domain Certificate from CA and assigned it to sites  - so far so good every domain computer entering sharepoint site have no SSL warning. But I have also many of non-domain computers and these getting red warning about bad certificate "DLG_FLAGS_INVALID_CA"

是否可以为域和非域(工作组)计算机获得有效的Intranet共享点证书?
也许我应该以其他方式生成证书?

Is any way to have valid intranet sharepoint certificate for domains and non-domain (workgroup) computer?
Maybe I shoud generate certificate in other way?

推荐答案

非域计算机的问题在于，因为它们不是域成员他们不了解域证书颁发机构，这意味着他们无法检查由CA颁发的通配符证书的有效性.那里有两个 解决该问题的方法.

The problem for non-domain computers is that because they are not members of the domain they don't know about the Domain Certificate authority, which means they can't check the validity of the wildcard cert that was issued by the CA.  There are two ways to get around that problem. 

最好是从操作系统默认识别的公共证书颁发机构购买通配符证书.使用该证书在域和非域计算机上都可以使用.

The best would be to buy a wildcard cert from a public certificate authority that is recognized by the OS by default.  Using that cert would work on both domain and non-domain computers.

另一种可能性是从域CA导出根证书，并将其安装在每台非域计算机上的受信任的根"证书存储中.一旦安装，非域计算机将识别出CA，即使它们不是 域的成员.但是到处都安装导出的证书通常不是可行的解决方案.

The other possibility is to take export the root certificate from the domain CA and install it in the Trusted Root certificates store on every non-domain computer.  Once installed the non-domain computers will recognize the CA even though they aren't a member of the domain.  But installing this exported cert everywhere usually isn't a feasible solution.

这篇关于Sharepoint 2013上的证书问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！