davidduffy77
asked on
How to create an exportable "Web Server Template Certificate"
I require a Web Server (template) certificate for my Cisco 2106 WLAN controller however the controller cannot directly request a certificate from the authority server and I cannot create a Web Server certificate "marked with exportable".
I run a patched Windows Server 2003 Enterprise and have clients successfully 802.1x authenticating using WLAN controller (authenticator) and IAS/CA (authentication server).
Is there a way to make Web Server certs exportable? If not is there a way around my problem. I'm trying to upload a cert onto the Cisco WLAN controller to terminate dot1x requests local on the box using "LOCAL EAP".
Thanks in advance
I run a patched Windows Server 2003 Enterprise and have clients successfully 802.1x authenticating using WLAN controller (authenticator) and IAS/CA (authentication server).
Is there a way to make Web Server certs exportable? If not is there a way around my problem. I'm trying to upload a cert onto the Cisco WLAN controller to terminate dot1x requests local on the box using "LOCAL EAP".
Thanks in advance
ASKER
Wikid advice.. thanks mate
I cant make a version 3 template as I am not running Windows Server 2008 CA (at this moment), is there a work around?
I obtained more information about version1-3 certificates here http://technet.microsoft.com/en-us/library/cc755033.aspx
My next concern lies in the controller, will it handle the new version certificates? I'm thinking Yes, but it is Cisco after all and I would like to test it.
I cant make a version 3 template as I am not running Windows Server 2008 CA (at this moment), is there a work around?
I obtained more information about version1-3 certificates here http://technet.microsoft.com/en-us/library/cc755033.aspx
My next concern lies in the controller, will it handle the new version certificates? I'm thinking Yes, but it is Cisco after all and I would like to test it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Successfully duplicated the Web Server template to a "Minimum Supported CAs = Server 2k3, Enterprise Ed" version 100.3 and imported the new template into the Certificate Template folder.
Web server certificate successfully installed and exported (with private key)!
Thanks Paranormastic!
Web server certificate successfully installed and exported (with private key)!
Thanks Paranormastic!
When exporting, you will need to make sure to 1) include the private key and 2) mark as exportable whenever you import/export the cert if it asks you to.
It would be easiest to request from your workstation and export it that way and then open it up in notepad and copy the text over to the cisco device.
Another solution you might want to look into is SCEP which can be an extra extension to 2003 CA or part of 2008 CA normally. For 2003:
http://www.microsoft.com/downloads/details.aspx?familyid=9f306763-d036-41d8-8860-1636411b2d01&displaylang=en
SCEP is designed to handle devices like routers and such that do not have the ability to recognize templates and all that, and enable them to make a simple cert request.