Configuring the Autoenrollment Configuration Utility
Use the Autoenrollment Configuration Utility to set the configuration values for the Autoenrollment Server. Administrator rights are required for this utility to write data to Active Directory.
The Autoenrollment Server runs as a Windows service. Before starting the autoenrollment service, you must complete the configuration settings in the utility.
Steps for configuring the Autoenrollment Configuration Utility
Log on to the Autoenrollment Server machine as the autoenrollment administrator.
From the Start menu, select DigiCert, right-click Autoenrollment Configuration, and select Run as administrator.
Complete or verify the following settings.
Select the DigiCert ONE – DigiCert® Trust Lifecycle Manager radio button in the CA Platform section.
In the Credential section, select either the API Key or RA Certificate radio button.
For RA certificate authentication (required for Windows Hello for Business integration):
    For software-based certificates:
        Select the File... button.
        Select Yes in the popup window.
        Select the Browse... button.
        Choose the client authentication certificate you generated.
        Under PIN, enter the password you copied when generating the client authentication certificate.
        Select OK.
    For HSM-based certificates:
        Select the Store... button.
        Select Yes in the popup window.
        Select your client authentication certificate from the dropdown list, leave the PIN field empty, and select OK.
    The validity period of the RA certificate is displayed. You can also inspect the RA certificate by selecting View.
For API key authentication:
    Select the API Key radio button.
    Populate API Key with the service user API token you generated.
In the Endpoint section, populate Server Name and Server Port based on your authentication method:
    For RA certificate authentication: specify the URL and the port number of the DigiCert ONE CA web service you need to communicate with (for example, Server Name=clientauth.one.digicert.com and Server Port=443 for cloud-hosted DigiCert ONE instances). For on-premises DigiCert ONE deployments, use the appropriate server host.
    For API key authentication: specify the URL and the port number of the DigiCert ONE CA web service you need to communicate with (for example, Server Name=one.digicert.com and Server Port=443 for cloud-hosted DigiCert ONE instances). For on-premises DigiCert ONE deployments, use the appropriate server host.
If the Autoenrollment Server communicates with DigiCert ONE through a proxy server, enter your proxy server details in the Proxy Server (IP/Hostname), Proxy Port, Proxy Username, and Proxy Password fields. Use the netsh utility with the command winhttp set proxy to configure the proxy settings; for details, see the netsh winhttp documentation.
In the Configuration section, populate the Config File location.
Select the Download from DigiCert ONE button.
Select the Certificate profiles checkbox, then select Download AE Server config file.
Select Save.
Select OK.
Select OK.
Verify the location and contents of the Log Properties file. This file defines the logging configuration, such as the log file path and the log level. The default is logger.properties in the installation directory of the Autoenrollment Server. Select Browse to choose a different log properties file. Select View to check and modify the contents of the log properties file. Refer to the section Log properties configuration options for details about the configuration.
After all the configuration details have been populated, test the Autoenrollment Server's connection to the DigiCert CA using the Test button next to Connection. The connection test results in one of the following message dialogs:
    If the Autoenrollment Server establishes a connection, "Success: The connection could be established" is displayed.
    If the connection fails, "Failure: The connection could not be established" is displayed. For any configuration errors, refer to the log file located at C:\User\<AE Administrator>\AEConfig.log.
Select OK to save the configuration settings and exit the configuration utility.
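The procedure above relies on three things being right on the host before the Test button can succeed: the WinHTTP proxy (which is what netsh winhttp set proxy configures, and which is separate from the per-user Internet Options proxy), network reachability of the DigiCert ONE CA web service on the configured Server Name and Server Port, and, for the store-based RA option, a client authentication certificate with a usable private key. The following PowerShell script is an added example of those pre-flight checks; it is not part of DigiCert's documentation or tooling. The endpoint and log file name come from the page; the proxy host and port are placeholders, the assumption that the utility's certificate dropdown reads the local machine Personal store is mine, and the log path uses the current user's profile directory as the page's C:\User\<AE Administrator> location.

```powershell
# Added example (not DigiCert's code): pre-flight checks for the Autoenrollment Server host.
# Run from an elevated PowerShell session on the Autoenrollment Server machine.

$ServerName = "clientauth.one.digicert.com"   # RA certificate endpoint from the page; one.digicert.com for API key auth
$ServerPort = 443
$ProxyHost  = "proxy.example.internal"        # placeholder, not a value from the page
$ProxyPort  = 8080                            # placeholder, not a value from the page
$UseProxy   = $false                          # set to $true only if DigiCert ONE is reached through a proxy

# 1. WinHTTP proxy. netsh winhttp writes the machine-wide WinHTTP setting that services use;
#    the Internet Options proxy of the logged-on user is a different setting and is not consulted here.
if ($UseProxy) {
    netsh winhttp set proxy proxy-server="${ProxyHost}:${ProxyPort}" bypass-list="<local>"
}
netsh winhttp show proxy

# 2. Reachability of the DigiCert ONE CA web service on the configured port.
$tcp = Test-NetConnection -ComputerName $ServerName -Port $ServerPort -WarningAction SilentlyContinue
if ($tcp.TcpTestSucceeded) {
    Write-Host "TCP connection to ${ServerName}:${ServerPort} succeeded."
} else {
    Write-Warning "TCP connection to ${ServerName}:${ServerPort} failed; check firewall rules and the WinHTTP proxy."
}

# 3. Client authentication certificates available for the store-based (HSM) RA option.
#    Assumption: the utility's dropdown lists certificates from the local machine Personal store.
#    1.3.6.1.5.5.7.3.2 is the Client Authentication EKU; HasPrivateKey must be True for the
#    certificate to be usable, and NotAfter shows the validity the utility displays after selection.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains "1.3.6.1.5.5.7.3.2" } |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

# 4. Most recent entries of the configuration utility's log (file name from the page),
#    which is where a "Failure: The connection could not be established" result is explained.
$LogPath = Join-Path $env:USERPROFILE "AEConfig.log"
if (Test-Path $LogPath) {
    Get-Content $LogPath -Tail 20
} else {
    Write-Host "No AEConfig.log found at $LogPath yet; it is created when the utility runs."
}
```

Run the script before pressing Test; a failed TCP check or an empty certificate list points to the network or certificate step to revisit, and a failed Test afterwards is investigated in AEConfig.log as the page describes. Note that netsh winhttp set proxy does not take a username or password, so an authenticating proxy still needs the Proxy Username and Proxy Password fields in the utility.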