[cisco-voip] Certificates question
Tim Reimers
treimers at ashevillenc.gov
Fri Nov 20 12:06:59 EST 2009
I just noticed in this article
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configura
tion_example09186a00804721c3.shtml
that Cisco says to use Web Server if you have Enterprise.
I'm going to assume that User is what would work with Win2k3 Standard.
Oddly enough, the template exists within cert.msc.
But there, when importing a CertRequest file, you can't select template,
and the process errors out telling me that the Request has no embedded
template.
Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers at ashevillenc.gov <mailto:timreimers at ashevillenc.gov>
________________________________
From: Matthew Loraditch [mailto:MLoraditch at heliontechnologies.com]
Sent: Friday, November 20, 2009 12:04 PM
To: Tim Reimers; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Certificates question
I think you might need a server enterprise edition server running as
your CA to generate the right type of cert
Matthew Loraditch
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com <mailto:support at heliontechnologies.com>
(p) (410) 252-8830
(F) (443) 541-1593
Visit us at www.heliontechnologies.com
<http://www.heliontechnologies.com>
Support Issue? Email support at heliontechnologies.com
<mailto:support at heliontechnologies.com> for fast assistance!
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Certificates question
Hi everyone -
I'm having trouble getting a certificate installed for our UCM, using a
cert supplied by our domain CA server (not a public CA server)
This may be a more Microsoft-side issue, but I'm hoping that some of the
users on here have done this, and know how to get the certificate
request
to work right in the Microsoft side.
UCM 6.1.1-3002
Windows 2003 Standard domain controller acting as our CA server.
I've done the following steps
In OS Admin, Security, Certificate Management
1. done a certificate signing request for the tomcat
2. Downloaded the resulting file to a folder.
What I'm having trouble with is this:
When I go to the website for my CA server
http://<myserver>/certsrv/certrqxt.asp
<http://%3cmyserver%3e/certsrv/certrqxt.asp>
and select "Request a Certificate", then "Advanced Certificate Request"
(because I'm not doing a simple User cert), then select
Submit a Certificate Request or Renewal Request
I get the page where you can browse and upload a certificate, select
from the dropdown to use the correct template.
>From this link, you can see that there's a template for "Web Server"
http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png
My CA doesn't have that template - I don't know why.
I have Basic EFS, User, and IPSEC (offline)
This is essentially the same process:
http://www.linuxmail.info/submitting-certificate-request-to-microsoft-ce
rtificate-services/
I realise that is for Linux mailservers, but the concept is the same --
Many articles I've seen deal with XP/Vista/IIS client/application issues
where it's an all-Microsoft world.
But this certificate request is NOT coming from a Microsoft platform (as
we know Cisco isn't using Microsoft any more)
So a lot of the articles online don't directly deal with my issue of why
that template isn't available..
Any ideas?
Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers at ashevillenc.gov <mailto:timreimers at ashevillenc.gov>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20091120/99017c2f/attachment.html>
More information about the cisco-voip
mailing list