[cisco-voip] Certificates question

Matt Slaga (US) Matt.Slaga at us.didata.com
Fri Nov 20 12:18:19 EST 2009 

Open the Certificate Authority MMC, and look under 'certificate templates' and see if it is listed there.



From: Tim Reimers [mailto:treimers at ashevillenc.gov]
Sent: Friday, November 20, 2009 12:12 PM
To: Matt Slaga (US)
Cc: cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Certificates question

I'm the one that installed the CA services on that box, eg, I am the CA administrator
I never disabled any of the certificate profiles. this is how CA services were out of the box - I've seen this on other CA servers.

I had the impression as well that I could somehow enable that template to appear on the website for the CA server,
but I can't figure out what to Google for on support.microsoft or some other site like Petri's site.



Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers at ashevillenc.gov<mailto:timreimers at ashevillenc.gov>


________________________________
From: Matt Slaga (US) [mailto:Matt.Slaga at us.didata.com]
Sent: Friday, November 20, 2009 12:09 PM
To: Tim Reimers; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Certificates question
If the web server certificate profile is not listed, then it was removed by your CA administrator.  You will either need to do this via command line or request that the default web server certificate profile be reenabled.

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Certificates question


Hi everyone -

I'm having trouble getting a certificate installed for our UCM, using a cert supplied by our domain CA server (not a public CA server)

This may be a more Microsoft-side issue, but I'm hoping that some of the users on here have done this, and know how to get the certificate request
to work right in the Microsoft side.

UCM 6.1.1-3002
Windows 2003 Standard domain controller acting as our CA server.

I've done the following steps

In OS Admin, Security, Certificate Management
1. done a certificate signing request for the tomcat
2. Downloaded the resulting file to a folder.

What I'm having trouble with is this:

When I go to the website for my CA server
http://<myserver>/certsrv/certrqxt.asp<http://%3cmyserver%3e/certsrv/certrqxt.asp>
and select "Request a Certificate", then "Advanced Certificate Request" (because I'm not doing a simple User cert), then select
Submit a Certificate Request or Renewal Request
I get the page where you can browse and upload a certificate, select from the dropdown to use the correct template.

From this link, you can see that there's a template for "Web Server"
http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png

My CA doesn't have that template - I don't know why.
I have Basic EFS, User, and IPSEC (offline)

This is essentially the same process:
http://www.linuxmail.info/submitting-certificate-request-to-microsoft-certificate-services/

I realise that is for Linux mailservers, but the concept is the same --

Many articles I've seen deal with XP/Vista/IIS client/application issues where it's an all-Microsoft world.

But this certificate request is NOT coming from a Microsoft platform (as we know Cisco isn't using Microsoft any more)

So a lot of the articles online don't directly deal with my issue of why that template isn't available..


Any ideas?




Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers at ashevillenc.gov<mailto:timreimers at ashevillenc.gov>

________________________________

Disclaimer: This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.



-----------------------------------------
Disclaimer: 

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only.  If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful.  If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20091120/80ce4d8a/attachment.html>

More information about the cisco-voip mailing list