How to create an exportable "Web Server Template Certificate"

Posted on 2008-11-11
Last Modified: 2012-05-05
I require a Web Server (template) certificate for my Cisco 2106 WLAN controller; however, the controller cannot directly request a certificate from the authority server, and I cannot create a Web Server certificate "marked with exportable".

I run a patched Windows Server 2003 Enterprise and have clients successfully 802.1x authenticating using WLAN controller (authenticator) and IAS/CA (authentication server).

Is there a way to make Web Server certs exportable? If not, is there a way around my problem? I'm trying to upload a cert onto the Cisco WLAN controller to terminate dot1x requests locally on the box using "LOCAL EAP".

Thanks in advance
Question by: davidduffy77

Expert Comment

ID: 22942442
Yes, web server certs can be exportable.  Duplicate it and make a new version 3 template and you can change a number of options.  On the Request Handling tab, you can checkmark 'Allow private key to be exported'.
When exporting, you will need to make sure to 1) include the private key and 2) mark as exportable whenever you import/export the cert if it asks you to.

It would be easiest to request from your workstation and export it that way and then open it up in Notepad and copy the text over to the Cisco device.

Another solution you might want to look into is SCEP, which can be an extra extension to 2003 CA or part of 2008 CA normally.  For 2003:

SCEP is designed to handle devices like routers and such that do not have the ability to recognize templates and all that, and enable them to make a simple cert request.

Author Comment

ID: 22943779
Wikid advice.. thanks mate

I can't make a version 3 template as I am not running Windows Server 2008 CA (at this moment). Is there a workaround?

I obtained more information about version1-3 certificates here http://technet.microsoft.com/en-us/library/cc755033.aspx

My next concern lies in the controller: will it handle the new version certificates? I'm thinking yes, but it is Cisco after all and I would like to test it.

Accepted Solution

Paranormastic earned 2000 total points
ID: 22985111
Sorry, typo on the version 3... version 2 templates for 2003, which will create a version 3 certificate.  This has been around for a while now - pretty much everything should support it; if for some reason it doesn't, check for an update.  Your AD environment should be at least 2003 native mode by now, I hope, in order to properly support the 2003 CA - if not, you might want to look into that if possible.

The old version 1 win2k template does not allow for the private key to be exported, so you would want to duplicate that in order to make the change.
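
An added example, not part of the thread and not Microsoft tooling: a small audit that reads an LDIF export of the Certificate Templates container and lists which templates have "Allow private key to be exported" set, together with the template schema version discussed above. It assumes the export carries the `msPKI-Private-Key-Flag` and `msPKI-Template-Schema-Version` attributes; the sample records, names and domain are constructed.

```python
import re

CT_FLAG_EXPORTABLE_KEY = 0x10  # msPKI-Private-Key-Flag bit behind "Allow private key to be exported"
# Constructed sample in LDIF form; template names, domain and values are made up.
SAMPLE_LDIF = """\
dn: CN=WebServer,CN=Certificate Templates,CN=Public Key Services,
 CN=Services,CN=Configuration,DC=example,DC=test
cn: WebServer
msPKI-Template-Schema-Version: 1
msPKI-Private-Key-Flag: 0

dn: CN=WebServerExportable,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=test
cn: WebServerExportable
msPKI-Template-Schema-Version: 2
msPKI-Private-Key-Flag: 16

dn: CN=UserArchived,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=test
cn: UserArchived
msPKI-Template-Schema-Version: 2
msPKI-Private-Key-Flag: 17
"""

def parse_templates(ldif):  # one attribute dict (lower-cased keys) per LDIF record
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF continuation lines start with a space
    records = []
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[key.strip().lower()] = value.strip()
        if "cn" in attrs:
            records.append(attrs)
    return records

def audit(ldif):  # schema version and exportable-key setting of each template
    out = []
    for t in parse_templates(ldif):
        # Test the bit rather than equality: other flag bits may be set (17 = 0x10 | 0x01).
        flags = int(t.get("mspki-private-key-flag", "0"))
        out.append({"template": t["cn"],
                    "schema_version": int(t.get("mspki-template-schema-version", "1")),
                    "exportable": bool(flags & CT_FLAG_EXPORTABLE_KEY)})
    return out

def exportable_templates(ldif):
    return [row["template"] for row in audit(ldif) if row["exportable"]]

if __name__ == "__main__":
    print(exportable_templates(SAMPLE_LDIF))
```

Templates it reports are the ones whose issued keys can leave the requesting machine as a file, so they are the ones worth restricting to the accounts that actually need to move a key onto a device.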

Author Comment

ID: 22999075
Successfully duplicated the Web Server template to a "Minimum Supported CAs = Server 2k3, Enterprise Ed" version 100.3 and imported the new template into the Certificate Template folder.  

Web server certificate successfully installed and exported (with private key)!

Thanks Paranormastic!

Question has a verified solution.