[cisco-voip] Certificates question

Tim Reimers treimers at ashevillenc.gov
Fri Nov 20 12:06:59 EST 2009


I just noticed in this article
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configura
tion_example09186a00804721c3.shtml
 
that Cisco says to use Web Server if you have Enterprise.
I'm going to assume that User is what would work with Win2k3 Standard.
 
Oddly enough, the template exists within cert.msc.
But there, when importing a CertRequest file, you can't select template,
and the process errors out telling me that the Request has no embedded
template.
 
Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers at ashevillenc.gov <mailto:timreimers at ashevillenc.gov> 
 

________________________________

From: Matthew Loraditch [mailto:MLoraditch at heliontechnologies.com] 
Sent: Friday, November 20, 2009 12:04 PM
To: Tim Reimers; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Certificates question



I think you might need a server enterprise edition server running as
your CA to generate the right type of cert

 

Matthew Loraditch
1965 Greenspring Drive

Timonium, MD 21093 
support at heliontechnologies.com <mailto:support at heliontechnologies.com> 
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com
<http://www.heliontechnologies.com>  
Support Issue? Email support at heliontechnologies.com
<mailto:support at heliontechnologies.com>  for fast assistance!

 

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Certificates question

 

 

Hi everyone -

 

I'm having trouble getting a certificate installed for our UCM, using a
cert supplied by our domain CA server (not a public CA server)

 

This may be a more Microsoft-side issue, but I'm hoping that some of the
users on here have done this, and know how to get the certificate
request 

to work right in the Microsoft side.

 

UCM 6.1.1-3002

Windows 2003 Standard domain controller acting as our CA server.

 

I've done the following steps

 

In OS Admin, Security, Certificate Management

1. done a certificate signing request for the tomcat

2. Downloaded the resulting file to a folder.

 

What I'm having trouble with is this:

 

When I go to the website for my CA server

http://<myserver>/certsrv/certrqxt.asp
<http://%3cmyserver%3e/certsrv/certrqxt.asp> 

and select "Request a Certificate", then "Advanced Certificate Request"
(because I'm not doing a simple User cert), then select

Submit a Certificate Request or Renewal Request 

I get the page where you can browse and upload a certificate, select
from the dropdown to use the correct template.

 

>From this link, you can see that there's a template for "Web Server"

http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png

 

My CA doesn't have that template - I don't know why.

I have Basic EFS, User, and IPSEC (offline)

 

This is essentially the same process:

http://www.linuxmail.info/submitting-certificate-request-to-microsoft-ce
rtificate-services/

 

I realise that is for Linux mailservers, but the concept is the same -- 

 

Many articles I've seen deal with XP/Vista/IIS client/application issues
where it's an all-Microsoft world.

 

But this certificate request is NOT coming from a Microsoft platform (as
we know Cisco isn't using Microsoft any more)

 

So a lot of the articles online don't directly deal with my issue of why
that template isn't available..

 

 

Any ideas?

 

 

 

 

Tim Reimers

Systems Analyst II

Information Technology Services

City of Asheville

70 Court Plaza

Asheville, NC 28801

phone - 828-259-5512

treimers at ashevillenc.gov <mailto:timreimers at ashevillenc.gov> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20091120/99017c2f/attachment.html>


More information about the cisco-voip mailing list