Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cisco: VOIP

Certificates question

  

 
Cisco voip RSS feed   Index | Next | Previous | View Threaded


treimers at ashevillenc

Nov 20, 2009, 8:55 AM

Post #1 of 6 (602 views)
Permalink
Certificates question
Hi everyone -

I'm having trouble getting a certificate installed for our UCM, using a
cert supplied by our domain CA server (not a public CA server)

This may be a more Microsoft-side issue, but I'm hoping that some of the
users on here have done this, and know how to get the certificate
request
to work right in the Microsoft side.

UCM 6.1.1-3002
Windows 2003 Standard domain controller acting as our CA server.

I've done the following steps

In OS Admin, Security, Certificate Management
1. done a certificate signing request for the tomcat
2. Downloaded the resulting file to a folder.

What I'm having trouble with is this:

When I go to the website for my CA server
http://<myserver>/certsrv/certrqxt.asp
and select "Request a Certificate", then "Advanced Certificate Request"
(because I'm not doing a simple User cert), then select
Submit a Certificate Request or Renewal Request
I get the page where you can browse and upload a certificate, select
from the dropdown to use the correct template.

>From this link, you can see that there's a template for "Web Server"
http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png

My CA doesn't have that template - I don't know why.
I have Basic EFS, User, and IPSEC (offline)

This is essentially the same process:
http://www.linuxmail.info/submitting-certificate-request-to-microsoft-ce
rtificate-services/

I realise that is for Linux mailservers, but the concept is the same --

Many articles I've seen deal with XP/Vista/IIS client/application issues
where it's an all-Microsoft world.

But this certificate request is NOT coming from a Microsoft platform (as
we know Cisco isn't using Microsoft any more)

So a lot of the articles online don't directly deal with my issue of why
that template isn't available..


Any ideas?




Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers [at] ashevillenc <mailto:timreimers [at] ashevillenc>


MLoraditch at heliontechnologies

Nov 20, 2009, 9:04 AM

Post #2 of 6 (567 views)
Permalink
Re: Certificates question [In reply to]
I think you might need a server enterprise edition server running as your CA to generate the right type of cert

Matthew Loraditch
1965 Greenspring Drive
Timonium, MD 21093
support [at] heliontechnologies<mailto:support [at] heliontechnologies>
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com>
Support Issue? Email support [at] heliontechnologies<mailto:support [at] heliontechnologies> for fast assistance!

From: cisco-voip-bounces [at] puck [mailto:cisco-voip-bounces [at] puck] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip [at] puck
Subject: [cisco-voip] Certificates question


Hi everyone -

I'm having trouble getting a certificate installed for our UCM, using a cert supplied by our domain CA server (not a public CA server)

This may be a more Microsoft-side issue, but I'm hoping that some of the users on here have done this, and know how to get the certificate request
to work right in the Microsoft side.

UCM 6.1.1-3002
Windows 2003 Standard domain controller acting as our CA server.

I've done the following steps

In OS Admin, Security, Certificate Management
1. done a certificate signing request for the tomcat
2. Downloaded the resulting file to a folder.

What I'm having trouble with is this:

When I go to the website for my CA server
http://<myserver>/certsrv/certrqxt.asp<http://%3cmyserver%3e/certsrv/certrqxt.asp>
and select "Request a Certificate", then "Advanced Certificate Request" (because I'm not doing a simple User cert), then select
Submit a Certificate Request or Renewal Request
I get the page where you can browse and upload a certificate, select from the dropdown to use the correct template.

>From this link, you can see that there's a template for "Web Server"
http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png

My CA doesn't have that template - I don't know why.
I have Basic EFS, User, and IPSEC (offline)

This is essentially the same process:
http://www.linuxmail.info/submitting-certificate-request-to-microsoft-certificate-services/

I realise that is for Linux mailservers, but the concept is the same --

Many articles I've seen deal with XP/Vista/IIS client/application issues where it's an all-Microsoft world.

But this certificate request is NOT coming from a Microsoft platform (as we know Cisco isn't using Microsoft any more)

So a lot of the articles online don't directly deal with my issue of why that template isn't available..


Any ideas?




Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers [at] ashevillenc<mailto:timreimers [at] ashevillenc>


treimers at ashevillenc

Nov 20, 2009, 9:06 AM

Post #3 of 6 (561 views)
Permalink
Re: Certificates question [In reply to]
I just noticed in this article
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configura
tion_example09186a00804721c3.shtml

that Cisco says to use Web Server if you have Enterprise.
I'm going to assume that User is what would work with Win2k3 Standard.

Oddly enough, the template exists within cert.msc.
But there, when importing a CertRequest file, you can't select template,
and the process errors out telling me that the Request has no embedded
template.

Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers [at] ashevillenc <mailto:timreimers [at] ashevillenc>


________________________________

From: Matthew Loraditch [mailto:MLoraditch [at] heliontechnologies]
Sent: Friday, November 20, 2009 12:04 PM
To: Tim Reimers; cisco-voip [at] puck
Subject: RE: [cisco-voip] Certificates question



I think you might need a server enterprise edition server running as
your CA to generate the right type of cert



Matthew Loraditch
1965 Greenspring Drive

Timonium, MD 21093
support [at] heliontechnologies <mailto:support [at] heliontechnologies>
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com
<http://www.heliontechnologies.com>
Support Issue? Email support [at] heliontechnologies
<mailto:support [at] heliontechnologies> for fast assistance!



From: cisco-voip-bounces [at] puck
[mailto:cisco-voip-bounces [at] puck] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip [at] puck
Subject: [cisco-voip] Certificates question





Hi everyone -



I'm having trouble getting a certificate installed for our UCM, using a
cert supplied by our domain CA server (not a public CA server)



This may be a more Microsoft-side issue, but I'm hoping that some of the
users on here have done this, and know how to get the certificate
request

to work right in the Microsoft side.



UCM 6.1.1-3002

Windows 2003 Standard domain controller acting as our CA server.



I've done the following steps



In OS Admin, Security, Certificate Management

1. done a certificate signing request for the tomcat

2. Downloaded the resulting file to a folder.



What I'm having trouble with is this:



When I go to the website for my CA server

http://<myserver>/certsrv/certrqxt.asp
<http://%3cmyserver%3e/certsrv/certrqxt.asp>

and select "Request a Certificate", then "Advanced Certificate Request"
(because I'm not doing a simple User cert), then select

Submit a Certificate Request or Renewal Request

I get the page where you can browse and upload a certificate, select
from the dropdown to use the correct template.



>From this link, you can see that there's a template for "Web Server"

http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png



My CA doesn't have that template - I don't know why.

I have Basic EFS, User, and IPSEC (offline)



This is essentially the same process:

http://www.linuxmail.info/submitting-certificate-request-to-microsoft-ce
rtificate-services/



I realise that is for Linux mailservers, but the concept is the same --



Many articles I've seen deal with XP/Vista/IIS client/application issues
where it's an all-Microsoft world.



But this certificate request is NOT coming from a Microsoft platform (as
we know Cisco isn't using Microsoft any more)



So a lot of the articles online don't directly deal with my issue of why
that template isn't available..





Any ideas?









Tim Reimers

Systems Analyst II

Information Technology Services

City of Asheville

70 Court Plaza

Asheville, NC 28801

phone - 828-259-5512

treimers [at] ashevillenc <mailto:timreimers [at] ashevillenc>


Matt.Slaga at us

Nov 20, 2009, 9:09 AM

Post #4 of 6 (563 views)
Permalink
Re: Certificates question [In reply to]
If the web server certificate profile is not listed, then it was removed by your CA administrator. You will either need to do this via command line or request that the default web server certificate profile be reenabled.

From: cisco-voip-bounces [at] puck [mailto:cisco-voip-bounces [at] puck] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip [at] puck
Subject: [cisco-voip] Certificates question


Hi everyone -

I'm having trouble getting a certificate installed for our UCM, using a cert supplied by our domain CA server (not a public CA server)

This may be a more Microsoft-side issue, but I'm hoping that some of the users on here have done this, and know how to get the certificate request
to work right in the Microsoft side.

UCM 6.1.1-3002
Windows 2003 Standard domain controller acting as our CA server.

I've done the following steps

In OS Admin, Security, Certificate Management
1. done a certificate signing request for the tomcat
2. Downloaded the resulting file to a folder.

What I'm having trouble with is this:

When I go to the website for my CA server
http://<myserver>/certsrv/certrqxt.asp<http://%3cmyserver%3e/certsrv/certrqxt.asp>
and select "Request a Certificate", then "Advanced Certificate Request" (because I'm not doing a simple User cert), then select
Submit a Certificate Request or Renewal Request
I get the page where you can browse and upload a certificate, select from the dropdown to use the correct template.

From this link, you can see that there's a template for "Web Server"
http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png

My CA doesn't have that template - I don't know why.
I have Basic EFS, User, and IPSEC (offline)

This is essentially the same process:
http://www.linuxmail.info/submitting-certificate-request-to-microsoft-certificate-services/

I realise that is for Linux mailservers, but the concept is the same --

Many articles I've seen deal with XP/Vista/IIS client/application issues where it's an all-Microsoft world.

But this certificate request is NOT coming from a Microsoft platform (as we know Cisco isn't using Microsoft any more)

So a lot of the articles online don't directly deal with my issue of why that template isn't available..


Any ideas?




Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers [at] ashevillenc<mailto:timreimers [at] ashevillenc>




-----------------------------------------
Disclaimer:

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only. If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful. If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.


treimers at ashevillenc

Nov 20, 2009, 9:12 AM

Post #5 of 6 (559 views)
Permalink
Re: Certificates question [In reply to]
I'm the one that installed the CA services on that box, eg, I am the CA
administrator
I never disabled any of the certificate profiles. this is how CA
services were out of the box - I've seen this on other CA servers.

I had the impression as well that I could somehow enable that template
to appear on the website for the CA server,
but I can't figure out what to Google for on support.microsoft or some
other site like Petri's site.



Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers [at] ashevillenc <mailto:timreimers [at] ashevillenc>


________________________________

From: Matt Slaga (US) [mailto:Matt.Slaga [at] us]
Sent: Friday, November 20, 2009 12:09 PM
To: Tim Reimers; cisco-voip [at] puck
Subject: RE: [cisco-voip] Certificates question



If the web server certificate profile is not listed, then it was removed
by your CA administrator. You will either need to do this via command
line or request that the default web server certificate profile be
reenabled.



From: cisco-voip-bounces [at] puck
[mailto:cisco-voip-bounces [at] puck] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip [at] puck
Subject: [cisco-voip] Certificates question





Hi everyone -



I'm having trouble getting a certificate installed for our UCM, using a
cert supplied by our domain CA server (not a public CA server)



This may be a more Microsoft-side issue, but I'm hoping that some of the
users on here have done this, and know how to get the certificate
request

to work right in the Microsoft side.



UCM 6.1.1-3002

Windows 2003 Standard domain controller acting as our CA server.



I've done the following steps



In OS Admin, Security, Certificate Management

1. done a certificate signing request for the tomcat

2. Downloaded the resulting file to a folder.



What I'm having trouble with is this:



When I go to the website for my CA server

http://<myserver>/certsrv/certrqxt.asp
<http://%3cmyserver%3e/certsrv/certrqxt.asp>

and select "Request a Certificate", then "Advanced Certificate Request"
(because I'm not doing a simple User cert), then select

Submit a Certificate Request or Renewal Request

I get the page where you can browse and upload a certificate, select
from the dropdown to use the correct template.



>From this link, you can see that there's a template for "Web Server"

http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png



My CA doesn't have that template - I don't know why.

I have Basic EFS, User, and IPSEC (offline)



This is essentially the same process:

http://www.linuxmail.info/submitting-certificate-request-to-microsoft-ce
rtificate-services/



I realise that is for Linux mailservers, but the concept is the same --



Many articles I've seen deal with XP/Vista/IIS client/application issues
where it's an all-Microsoft world.



But this certificate request is NOT coming from a Microsoft platform (as
we know Cisco isn't using Microsoft any more)



So a lot of the articles online don't directly deal with my issue of why
that template isn't available..





Any ideas?









Tim Reimers

Systems Analyst II

Information Technology Services

City of Asheville

70 Court Plaza

Asheville, NC 28801

phone - 828-259-5512

treimers [at] ashevillenc <mailto:timreimers [at] ashevillenc>



________________________________

Disclaimer: This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the designated
addressee(s) named above only. If you are not the intended addressee,
you are hereby notified that you have received this communication in
error and that any use or reproduction of this email or its contents is
strictly prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by replying to this
message and deleting it from your computer. Thank you.


Matt.Slaga at us

Nov 20, 2009, 9:18 AM

Post #6 of 6 (559 views)
Permalink
Re: Certificates question [In reply to]
Open the Certificate Authority MMC, and look under 'certificate templates' and see if it is listed there.



From: Tim Reimers [mailto:treimers [at] ashevillenc]
Sent: Friday, November 20, 2009 12:12 PM
To: Matt Slaga (US)
Cc: cisco-voip [at] puck
Subject: RE: [cisco-voip] Certificates question

I'm the one that installed the CA services on that box, eg, I am the CA administrator
I never disabled any of the certificate profiles. this is how CA services were out of the box - I've seen this on other CA servers.

I had the impression as well that I could somehow enable that template to appear on the website for the CA server,
but I can't figure out what to Google for on support.microsoft or some other site like Petri's site.



Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers [at] ashevillenc<mailto:timreimers [at] ashevillenc>


________________________________
From: Matt Slaga (US) [mailto:Matt.Slaga [at] us]
Sent: Friday, November 20, 2009 12:09 PM
To: Tim Reimers; cisco-voip [at] puck
Subject: RE: [cisco-voip] Certificates question
If the web server certificate profile is not listed, then it was removed by your CA administrator. You will either need to do this via command line or request that the default web server certificate profile be reenabled.

From: cisco-voip-bounces [at] puck [mailto:cisco-voip-bounces [at] puck] On Behalf Of Tim Reimers
Sent: Friday, November 20, 2009 11:56 AM
To: cisco-voip [at] puck
Subject: [cisco-voip] Certificates question


Hi everyone -

I'm having trouble getting a certificate installed for our UCM, using a cert supplied by our domain CA server (not a public CA server)

This may be a more Microsoft-side issue, but I'm hoping that some of the users on here have done this, and know how to get the certificate request
to work right in the Microsoft side.

UCM 6.1.1-3002
Windows 2003 Standard domain controller acting as our CA server.

I've done the following steps

In OS Admin, Security, Certificate Management
1. done a certificate signing request for the tomcat
2. Downloaded the resulting file to a folder.

What I'm having trouble with is this:

When I go to the website for my CA server
http://<myserver>/certsrv/certrqxt.asp<http://%3cmyserver%3e/certsrv/certrqxt.asp>
and select "Request a Certificate", then "Advanced Certificate Request" (because I'm not doing a simple User cert), then select
Submit a Certificate Request or Renewal Request
I get the page where you can browse and upload a certificate, select from the dropdown to use the correct template.

From this link, you can see that there's a template for "Web Server"
http://www.linuxmail.info/images/windows-xp/certsrv-certrqxt.png

My CA doesn't have that template - I don't know why.
I have Basic EFS, User, and IPSEC (offline)

This is essentially the same process:
http://www.linuxmail.info/submitting-certificate-request-to-microsoft-certificate-services/

I realise that is for Linux mailservers, but the concept is the same --

Many articles I've seen deal with XP/Vista/IIS client/application issues where it's an all-Microsoft world.

But this certificate request is NOT coming from a Microsoft platform (as we know Cisco isn't using Microsoft any more)

So a lot of the articles online don't directly deal with my issue of why that template isn't available..


Any ideas?




Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers [at] ashevillenc<mailto:timreimers [at] ashevillenc>

________________________________

Disclaimer: This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.



-----------------------------------------
Disclaimer:

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only. If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful. If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.

Cisco voip RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.