[cisco-voip] Adding Microsoft CA issued PKCS#10 certificate into CCM 5..x / 6.x

Serg c719562 at gmail.com
Mon Jan 21 21:37:41 EST 2008 

Hi All ...

I'm still struggling trying to Microsoft CA issued PKCS#10 certificate into
CCM 5.1.x and I'm hoping you can give me a hand.


1-) I have managed to upload my own Trusted Root CA.

2-) I have generated a CSR from the Callmanager box, then I go to my
Microsoft Certificate Authority and submit the CSR using the 'Webserver'
template.

The CSR is then signed and returned.

When attempting to upload a certificate that is signed by this CA,
callmanger OS admin site rejects it.

I did notice that when you generate a CSR the Cisco OS Admin site says:

*The CSR contains the public key and certificate information needed to
generate an X.509 certificate. This includes the following extensions
contained in an ExtensionRequest: *

*X.509 Extensions:*

*Requested Extensions:*

*X509v3 Key Usage:*

*Data Encipherment, Digital Signature, Key Agreement, Key Encipherment*

*X509v3 Extended Key Usage:*

*TLS Web Server Authentication, TLS Web Client Authentication, IPSec End
System*

*X509v3 Subject Alternative Names:*

*(uniformResourceIdentifier) ..sip:CN=testccm51x.mycompany.com*

*If your CA does not support the ExtensionRequest mechanism, you must enable
the X.509 extensions listed above, or your 'CallManager' certificate will be
unusable*

*Please use this CSR to generate a certificate using your CA. After
generation please upload the new certificate using "Security" ->
"Certificate Management" -> "Upload Certificate/CTL" and choose "Upload Own
Cert" *

This sort of tells me that the 'Webserver' certificate template in the Win2003
Certificate authority is probably not the correct template !

*Any ideas on what template I need to use or how I could make a custom
template to meet these requirements ?*

Does Cisco have any DETAILED information on how to do this.   I have read
lots and lots of documentation on CCO but none of seems to indicate how to
create the certificate and what template to use on Microsoft CA.

Thanks in advance,

Sergio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20080122/6060102e/attachment-0001.html

More information about the cisco-voip mailing list