| Author |
Message |
Terry Mansell
Guest
|
 Posted:
Thu Feb 17, 2005 8:49 pm Post subject:
Creating Certificates - Other not available |
|
|
This may be a basic question, but I'm a bit stuck at the moment.
I am looking to convert an LCS server from TCP comms to TLS and hence need
to look at requesting a certificate. I have read the Cert Conf document from
Microsoft but have got stuck on a few points. We use a Windows 2003 CA
(standalone I believe - I didn't set it up), and when I get to the point of
selecting the type of certificate, where you would normally choose "Other"
that option isn't available.
Instead in the dropdown I get "Administrator", "Basic EFS", "EFS Recovery
Agent", etc. None of these options allow me to enter the OID (codes for
Server Authentication and Client Authentication). Which option do I choose on
this type of Certificate server, to obtain the certificate I will need for
LCS?
As I said, sorry if this is a basic question, but I have to admit that I
have read as much documentation as I can without much success.
Many Thanks,
Terry |
|
| Back to top |
|
 |
S. Pidgorny
Guest
|
| Posted:
Sat Feb 19, 2005 6:48 am Post subject:
Re: Creating Certificates - Other not available |
|
|
Terry,
Judging from the behaviour, I believe you've got an Enterprise CA and the
list of certificates available is defined by your permissions in AD.
You have two options for the LCS certificate request:
1. If your Enterprise CA is Windows 2003, you can follow the instructions
from "Live Communications Server 2005 Document: Configuring Certificates":
http://www.microsoft.com/downloads/details.aspx?familyid=779DEDAA-2687-4452-901E-719CE6EC4E5A
If your enterprise CA is Windows 2000 and not Windows 2003-based, I believe,
you can upgrade the functionality by applying W2K3 schema and using W2K3 CA
management tools.
2. A quick and dirty way: create a subordinate stand-alone CA and issue LCS
certs from that server using Web enrolment.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Terry Mansell" <TerryMansell@discussions.microsoft.com> wrote in message
news:32885299-EFD7-401C-BCBE-9A6788E55B9F@microsoft.com...
| Quote: | This may be a basic question, but I'm a bit stuck at the moment.
I am looking to convert an LCS server from TCP comms to TLS and hence need
to look at requesting a certificate. I have read the Cert Conf document
from
Microsoft but have got stuck on a few points. We use a Windows 2003 CA
(standalone I believe - I didn't set it up), and when I get to the point
of
selecting the type of certificate, where you would normally choose "Other"
that option isn't available.
Instead in the dropdown I get "Administrator", "Basic EFS", "EFS Recovery
Agent", etc. None of these options allow me to enter the OID (codes for
Server Authentication and Client Authentication). Which option do I choose
on
this type of Certificate server, to obtain the certificate I will need for
LCS?
As I said, sorry if this is a basic question, but I have to admit that I
have read as much documentation as I can without much success.
Many Thanks,
Terry |
|
|
| Back to top |
|
|
Terry Mansell
Guest
|
| Posted:
Mon Feb 21, 2005 4:35 pm Post subject:
Re: Creating Certificates - Other not available |
|
|
Hi Svyatoslav,
Many thanks for the reply. I had kind of wondered if the options I was
getting were down to the type of CA that had been installed, as I think I
said, I "inherited" this CA server with no prior info of it's setup. I am
currently working on LCS in a "Sandboxed/Internal use" environment and based
on your reply have taken the "dirty" option and built myself a Subordinate
Standalone CA. I now have the web forms that I am expecting to see and
therefore have now managed to request a certificate add the new server to
Trusted Root CA List for my clients and have now managed to setup LCS with
TLS communications. Many thanks for the Reply, most helpful, and saves me
losing anymore hair after pulling most of it out trying to sort out this
problem.
Thank,
Terry.
"S. Pidgorny <MVP>" wrote:
| Quote: | Terry,
Judging from the behaviour, I believe you've got an Enterprise CA and the
list of certificates available is defined by your permissions in AD.
You have two options for the LCS certificate request:
1. If your Enterprise CA is Windows 2003, you can follow the instructions
from "Live Communications Server 2005 Document: Configuring Certificates":
http://www.microsoft.com/downloads/details.aspx?familyid=779DEDAA-2687-4452-901E-719CE6EC4E5A
If your enterprise CA is Windows 2000 and not Windows 2003-based, I believe,
you can upgrade the functionality by applying W2K3 schema and using W2K3 CA
management tools.
2. A quick and dirty way: create a subordinate stand-alone CA and issue LCS
certs from that server using Web enrolment.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Terry Mansell" <TerryMansell@discussions.microsoft.com> wrote in message
news:32885299-EFD7-401C-BCBE-9A6788E55B9F@microsoft.com...
This may be a basic question, but I'm a bit stuck at the moment.
I am looking to convert an LCS server from TCP comms to TLS and hence need
to look at requesting a certificate. I have read the Cert Conf document
from
Microsoft but have got stuck on a few points. We use a Windows 2003 CA
(standalone I believe - I didn't set it up), and when I get to the point
of
selecting the type of certificate, where you would normally choose "Other"
that option isn't available.
Instead in the dropdown I get "Administrator", "Basic EFS", "EFS Recovery
Agent", etc. None of these options allow me to enter the OID (codes for
Server Authentication and Client Authentication). Which option do I choose
on
this type of Certificate server, to obtain the certificate I will need for
LCS?
As I said, sorry if this is a basic question, but I have to admit that I
have read as much documentation as I can without much success.
Many Thanks,
Terry
|
|
|
| Back to top |
|
|
Joe
Guest
|
| Posted:
Wed Feb 23, 2005 3:09 am Post subject:
Re: Creating Certificates - Other not available |
|
|
Hi Terry,
It seems like that the problem has been resolved. Anyway, in case like
yours, the option of OID was the one to choose. The OID is establishes the
cert between the client and server. The first part before comma if client and
anything after the comma is server. So in your case if you didn't see other,
the OID was the one to pick from. I had the same situation and was resolved
doing so. You also have the option to create Subordinate servers to provide
cert to the clients as well just as the way you did.
Cheers
"Terry Mansell" wrote:
| Quote: | Hi Svyatoslav,
Many thanks for the reply. I had kind of wondered if the options I was
getting were down to the type of CA that had been installed, as I think I
said, I "inherited" this CA server with no prior info of it's setup. I am
currently working on LCS in a "Sandboxed/Internal use" environment and based
on your reply have taken the "dirty" option and built myself a Subordinate
Standalone CA. I now have the web forms that I am expecting to see and
therefore have now managed to request a certificate add the new server to
Trusted Root CA List for my clients and have now managed to setup LCS with
TLS communications. Many thanks for the Reply, most helpful, and saves me
losing anymore hair after pulling most of it out trying to sort out this
problem.
Thank,
Terry.
"S. Pidgorny <MVP>" wrote:
Terry,
Judging from the behaviour, I believe you've got an Enterprise CA and the
list of certificates available is defined by your permissions in AD.
You have two options for the LCS certificate request:
1. If your Enterprise CA is Windows 2003, you can follow the instructions
from "Live Communications Server 2005 Document: Configuring Certificates":
http://www.microsoft.com/downloads/details.aspx?familyid=779DEDAA-2687-4452-901E-719CE6EC4E5A
If your enterprise CA is Windows 2000 and not Windows 2003-based, I believe,
you can upgrade the functionality by applying W2K3 schema and using W2K3 CA
management tools.
2. A quick and dirty way: create a subordinate stand-alone CA and issue LCS
certs from that server using Web enrolment.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Terry Mansell" <TerryMansell@discussions.microsoft.com> wrote in message
news:32885299-EFD7-401C-BCBE-9A6788E55B9F@microsoft.com...
This may be a basic question, but I'm a bit stuck at the moment.
I am looking to convert an LCS server from TCP comms to TLS and hence need
to look at requesting a certificate. I have read the Cert Conf document
from
Microsoft but have got stuck on a few points. We use a Windows 2003 CA
(standalone I believe - I didn't set it up), and when I get to the point
of
selecting the type of certificate, where you would normally choose "Other"
that option isn't available.
Instead in the dropdown I get "Administrator", "Basic EFS", "EFS Recovery
Agent", etc. None of these options allow me to enter the OID (codes for
Server Authentication and Client Authentication). Which option do I choose
on
this type of Certificate server, to obtain the certificate I will need for
LCS?
As I said, sorry if this is a basic question, but I have to admit that I
have read as much documentation as I can without much success.
Many Thanks,
Terry
|
|
|
| Back to top |
|
|
Henrik
Guest
|
| Posted:
Tue Nov 01, 2005 1:50 pm Post subject:
Re: Creating Certificates - Other not available |
|
|
Hi Terry,
I am stuck in the same situation. I have a CA, but can't seem to get the
proper type of certificate from it.
Can you tell me in more detail how to build a "Subordinate Standalone CA" ?
Best Regards,
Henrik
"Terry Mansell" wrote:
| Quote: | Hi Svyatoslav,
Many thanks for the reply. I had kind of wondered if the options I was
getting were down to the type of CA that had been installed, as I think I
said, I "inherited" this CA server with no prior info of it's setup. I am
currently working on LCS in a "Sandboxed/Internal use" environment and based
on your reply have taken the "dirty" option and built myself a Subordinate
Standalone CA. I now have the web forms that I am expecting to see and
therefore have now managed to request a certificate add the new server to
Trusted Root CA List for my clients and have now managed to setup LCS with
TLS communications. Many thanks for the Reply, most helpful, and saves me
losing anymore hair after pulling most of it out trying to sort out this
problem.
Thank,
Terry.
"S. Pidgorny <MVP>" wrote:
Terry,
Judging from the behaviour, I believe you've got an Enterprise CA and the
list of certificates available is defined by your permissions in AD.
You have two options for the LCS certificate request:
1. If your Enterprise CA is Windows 2003, you can follow the instructions
from "Live Communications Server 2005 Document: Configuring Certificates":
http://www.microsoft.com/downloads/details.aspx?familyid=779DEDAA-2687-4452-901E-719CE6EC4E5A
If your enterprise CA is Windows 2000 and not Windows 2003-based, I believe,
you can upgrade the functionality by applying W2K3 schema and using W2K3 CA
management tools.
2. A quick and dirty way: create a subordinate stand-alone CA and issue LCS
certs from that server using Web enrolment.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Terry Mansell" <TerryMansell@discussions.microsoft.com> wrote in message
news:32885299-EFD7-401C-BCBE-9A6788E55B9F@microsoft.com...
This may be a basic question, but I'm a bit stuck at the moment.
I am looking to convert an LCS server from TCP comms to TLS and hence need
to look at requesting a certificate. I have read the Cert Conf document
from
Microsoft but have got stuck on a few points. We use a Windows 2003 CA
(standalone I believe - I didn't set it up), and when I get to the point
of
selecting the type of certificate, where you would normally choose "Other"
that option isn't available.
Instead in the dropdown I get "Administrator", "Basic EFS", "EFS Recovery
Agent", etc. None of these options allow me to enter the OID (codes for
Server Authentication and Client Authentication). Which option do I choose
on
this type of Certificate server, to obtain the certificate I will need for
LCS?
As I said, sorry if this is a basic question, but I have to admit that I
have read as much documentation as I can without much success.
Many Thanks,
Terry
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in