[cisco-voip] Certificates question

Tim Reimers treimers at ashevillenc.gov
Fri Nov 20 12:12:00 EST 2009


I'm the one that installed the CA services on that box, eg, I am the CA
administrator
I never disabled any of the certificate profiles. this is how CA
services were out of the box - I've seen this on other CA servers.
 
I had the impression as well that I could somehow enable that template
to appear on the website for the CA server,
but I can't figure out what to Google for on support.microsoft or some
other site like Petri's site.
 
 
 
Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers at ashevillenc.gov <mailto:timreimers at ashevillenc.gov> 
 

________________________________

From: Matt Slaga (US) [mailto:Matt.Slaga at us.didata.com] 
Sent: Friday, November 20, 2009 12:09 PM
To: Tim Reimers; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Certificates question



If the web server certificate profile is not listed, then it was removed
by your CA administrator.  You will either need to do this via command
line or request that the default web server certificate profile be
reenabled.

 

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Certificates question

 

 

Hi everyone -

 

I'm having trouble getting a certificate installed for our UCM, using a
cert supplied by our domain CA server (not a public CA server)

 

This may be a more Microsoft-side issue, but I'm hoping that some of the
users on here have done this, and know how to get the certificate
request 

to work right in the Microsoft side.

 

UCM 6.1.1-3002

Windows 2003 Standard domain controller acting as our CA server.

 

I've done the following steps

 

In OS Admin, Security, Certificate Management

1. done a certificate signing request for the tomcat

2. Downloaded the resulting file to a folder.

 

What I'm having trouble with is this:

 

When I go to the website for my CA server

http://<myserver>/certsrv/certrqxt.asp
<http://%3cmyserver%3e/certsrv/certrqxt.asp> 

and select "Request a Certificate", then "Advanced Certificate Request"
(because I'm not doing a simple User cert), then select

Submit a Certificate Request or Renewal Request 

I get the page where you can browse and upload a certificate, select
from the dropdown to use the correct template.

 

>From this link, you can see that there's a template for "Web Server"

http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png

 

My CA doesn't have that template - I don't know why.

I have Basic EFS, User, and IPSEC (offline)

 

This is essentially the same process:

http://www.linuxmail.info/submitting-certificate-request-to-microsoft-ce
rtificate-services/

 

I realise that is for Linux mailservers, but the concept is the same -- 

 

Many articles I've seen deal with XP/Vista/IIS client/application issues
where it's an all-Microsoft world.

 

But this certificate request is NOT coming from a Microsoft platform (as
we know Cisco isn't using Microsoft any more)

 

So a lot of the articles online don't directly deal with my issue of why
that template isn't available..

 

 

Any ideas?

 

 

 

 

Tim Reimers

Systems Analyst II

Information Technology Services

City of Asheville

70 Court Plaza

Asheville, NC 28801

phone - 828-259-5512

treimers at ashevillenc.gov <mailto:timreimers at ashevillenc.gov> 

 

________________________________

Disclaimer: This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the designated
addressee(s) named above only. If you are not the intended addressee,
you are hereby notified that you have received this communication in
error and that any use or reproduction of this email or its contents is
strictly prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by replying to this
message and deleting it from your computer. Thank you. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20091120/67d2f24c/attachment.html>


More information about the cisco-voip mailing list