<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:x =
"urn:schemas-microsoft-com:office:excel" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16915" name=GENERATOR>
<STYLE>@font-face {
        font-family: Calibri;
}
@font-face {
        font-family: Tahoma;
}
@page WordSection1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
LI.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
DIV.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
P.MsoAcetate {
        FONT-SIZE: 8pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"
}
LI.MsoAcetate {
        FONT-SIZE: 8pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"
}
DIV.MsoAcetate {
        FONT-SIZE: 8pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"
}
SPAN.EmailStyle18 {
        COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
SPAN.BalloonTextChar {
        FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text"; mso-style-name: "Balloon Text Char"
}
.MsoChpDefault {
        FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.WordSection1 {
        page: WordSection1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2>I just noticed in this article</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2><A
href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00804721c3.shtml">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00804721c3.shtml</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2>that Cisco says to use Web Server if you have
Enterprise.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2>I'm going to assume that User is what would work with
Win2k3 Standard.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2>Oddly enough, the template exists within
cert.msc.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=736530417-20112009><FONT face=Arial
color=#0000ff size=2>But there, when importing a CertRequest file, you can't
select template, and the process errors out telling me that the Request has no
embedded template.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>Tim Reimers</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Systems Analyst II</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Information Technology
Services</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>City of Asheville</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>70 Court Plaza</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Asheville, NC 28801</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>phone - 828-259-5512</FONT></DIV>
<DIV align=left><FONT face=Arial size=2><A
href="mailto:timreimers@ashevillenc.gov">treimers@ashevillenc.gov</A></FONT></DIV>
<DIV> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Matthew Loraditch
[mailto:MLoraditch@heliontechnologies.com] <BR><B>Sent:</B> Friday, November 20,
2009 12:04 PM<BR><B>To:</B> Tim Reimers;
cisco-voip@puck.nether.net<BR><B>Subject:</B> RE: [cisco-voip] Certificates
question<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=WordSection1>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'">I
think you might need a server enterprise edition server running as your CA to
generate the right type of cert<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P>
<DIV>
<P class=MsoNormal><B><SPAN
style="FONT-SIZE: 11pt; COLOR: black; FONT-FAMILY: 'Calibri','sans-serif'">Matthew
Loraditch</SPAN></B><SPAN
style="FONT-SIZE: 11pt; COLOR: black; FONT-FAMILY: 'Calibri','sans-serif'"><BR>1965
Greenspring Drive<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: black; FONT-FAMILY: 'Calibri','sans-serif'">Timonium,
MD 21093 <BR><A href="mailto:support@heliontechnologies.com"><SPAN
style="COLOR: black">support@heliontechnologies.com</SPAN></A><BR>(p) (410)
252-8830<BR>(F) (443) 541-1593<BR><BR>Visit us at <A
href="http://www.heliontechnologies.com"><SPAN
style="COLOR: black">www.heliontechnologies.com</SPAN></A> <BR>Support Issue?
Email <A href="mailto:support@heliontechnologies.com"><SPAN
style="COLOR: black">support@heliontechnologies.com</SPAN></A> for fast
assistance!</SPAN><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p></o:p></SPAN></P></DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net]
<B>On Behalf Of </B>Tim Reimers<BR><B>Sent:</B> Friday, November 20, 2009 11:56
AM<BR><B>To:</B> cisco-voip@puck.nether.net<BR><B>Subject:</B> [cisco-voip]
Certificates question<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Hi everyone
-</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">I'm having trouble
getting a certificate installed for our UCM, using a cert supplied by our domain
CA server (not a public CA server)</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">This may be a more
Microsoft-side issue, but I'm hoping that some of the users on here have done
this, and know how to get the certificate request </SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">to work right in the
Microsoft side.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">UCM
6.1.1-3002</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Windows 2003 Standard
domain controller acting as our CA server.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">I've done the
following steps</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">In OS Admin,
Security, Certificate Management</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">1. done a certificate
signing request for the tomcat</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">2. Downloaded the
resulting file to a folder.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">What I'm having
trouble with is this:</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">When I go to the
website for my CA server</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><A
href="http://%3cmyserver%3e/certsrv/certrqxt.asp">http://<myserver>/certsrv/certrqxt.asp</A></SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">and select "Request a
Certificate", then "Advanced Certificate Request" (because I'm not doing a
simple User cert), then select</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><STRONG>Submit a Certificate Request or Renewal
Request</STRONG> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">I get the page where
you can browse and upload a certificate, select from the dropdown to use the
correct template.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">From this link, you
can see that there's a template for "Web Server"</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><A
href="http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png">http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png</A></SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">My CA doesn't
have that template - I don't know why.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">I have Basic EFS,
User, and IPSEC (offline)</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">This is essentially
the same process:</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><A
href="http://www.linuxmail.info/submitting-certificate-request-to-microsoft-certificate-services/">http://www.linuxmail.info/submitting-certificate-request-to-microsoft-certificate-services/</A></SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">I realise that is for
Linux mailservers, but the concept is the same -- </SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Many articles I've
seen deal with XP/Vista/IIS client/application issues where it's an
all-Microsoft world.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">But this certificate
request is NOT coming from a Microsoft platform (as we know Cisco isn't using
Microsoft any more)</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">So a lot of the
articles online don't directly deal with my issue of why that template isn't
available..</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Any
ideas?</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Tim
Reimers</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Systems Analyst
II</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Information
Technology Services</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">City of
Asheville</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">70 Court
Plaza</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Asheville, NC
28801</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">phone -
828-259-5512</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><A
href="mailto:timreimers@ashevillenc.gov">treimers@ashevillenc.gov</A></SPAN><o:p></o:p></P>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV></DIV></BODY></HTML>