How to create an exportable "Web Server Template Certificate"

Posted on 2008-11-11
Last Modified: 2012-05-05
I require a Web Server (template) certificate for my Cisco 2106 WLAN controller; however, the controller cannot directly request a certificate from the authority server, and I cannot create a Web Server certificate "marked with exportable".

I run a patched Windows Server 2003 Enterprise and have clients successfully 802.1x authenticating using WLAN controller (authenticator) and IAS/CA (authentication server).

Is there a way to make Web Server certs exportable? If not, is there a way around my problem? I'm trying to upload a cert onto the Cisco WLAN controller to terminate dot1x requests locally on the box using "LOCAL EAP".

Thanks in advance
Question by: davidduffy77
    LVL 31

    Expert Comment

    Yes, web server certs can be exportable.  Duplicate it and make a new version 3 template and you can change a number of options.  On the Request Handling tab, you can checkmark 'Allow private key to be exported'.
    When exporting, you will need to make sure to 1) include the private key and 2) mark as exportable whenever you import/export the cert if it asks you to.

    It would be easiest to request from your workstation and export it that way and then open it up in Notepad and copy the text over to the Cisco device.

    Another solution you might want to look into is SCEP which can be an extra extension to 2003 CA or part of 2008 CA normally.  For 2003:

    SCEP is designed to handle devices like routers and such that do not have the ability to recognize templates and all that, and enable them to make a simple cert request.
    LVL 1

    Author Comment

    Wikid advice.. thanks mate

    I can't make a version 3 template as I am not running Windows Server 2008 CA (at this moment), is there a workaround?

    I obtained more information about version 1-3 certificates here

    My next concern lies in the controller, will it handle the new version certificates? I'm thinking Yes, but it is Cisco after all and I would like to test it.
    LVL 31

    Accepted Solution

    Sorry, typo on the version 3... version 2 templates for 2003, which will create a version 3 certificate.  This has been around for a while now - pretty much everything should support it; if for some reason it doesn't, check for an update.  Your AD environment should be at least 2003 native mode by now, I hope, in order to properly support the 2003 CA - if not, you might want to look into that if possible.

    The old version 1 win2k template does not allow for the private key to be exported, so you would want to duplicate that in order to make the change.
    LVL 1

    Author Comment

    Successfully duplicated the Web Server template to a "Minimum Supported CAs = Server 2k3, Enterprise Ed" version 100.3 and imported the new template into the Certificate Template folder.  

    Web server certificate successfully installed and exported (with private key)!

    Thanks Paranormastic!
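
An added example, not part of the original thread or any participant's code: the fix above works by ticking 'Allow private key to be exported' on a duplicated template, so an administrator may want to list which templates carry that setting, since every certificate issued from them has a key that can leave the machine. The function name and the sample records are constructed for illustration; the live query in the comments assumes the ActiveDirectory PowerShell module is installed.

```powershell
# CT_FLAG_EXPORTABLE_KEY bit of the msPKI-Private-Key-Flag template attribute.
$CT_FLAG_EXPORTABLE_KEY = 0x10

function Get-ExportableKeyTemplate {
    # Hypothetical helper: emits one row per template that allows private key export.
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Template
    )
    process {
        # A missing attribute casts to 0, i.e. no flags set.
        $flags = [int]($Template.'msPKI-Private-Key-Flag')
        if ($flags -band $CT_FLAG_EXPORTABLE_KEY) {
            [pscustomobject]@{
                Name          = $Template.Name
                SchemaVersion = $Template.'msPKI-Template-Schema-Version'
                Revision      = '{0}.{1}' -f $Template.revision,
                                             $Template.'msPKI-Template-Minor-Revision'
                KeyFlags      = '0x{0:X}' -f $flags
            }
        }
    }
}

# Constructed sample records (not read from any real CA) so the function runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'WebServer'; revision = 4
        'msPKI-Template-Schema-Version' = 1; 'msPKI-Template-Minor-Revision' = 1
        'msPKI-Private-Key-Flag' = 0 }
    [pscustomobject]@{ Name = 'WebServerExportable'; revision = 100
        'msPKI-Template-Schema-Version' = 2; 'msPKI-Template-Minor-Revision' = 3
        'msPKI-Private-Key-Flag' = 0x10 }
)
$sample | Get-ExportableKeyTemplate | Format-Table -AutoSize

# Against a live forest (assumption: RSAT ActiveDirectory module available):
# $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
#         (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' `
#     -Properties revision, 'msPKI-Template-Schema-Version', `
#                 'msPKI-Template-Minor-Revision', 'msPKI-Private-Key-Flag' |
#     Get-ExportableKeyTemplate
```

Restricting enrollment permissions on any template this reports limits who can obtain a certificate whose key can be copied off the host.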
