Cisco Expressway
Authorizing a request and generating a certificate using Microsoft Certification Authority
This section describes how to authorize a certificate request and generate a PEM certificate file using
Microsoft Certification Authority.
1. Copy the certificate request file (for example, certcsr.der if generated via OpenSSL) to a location, such as
the desktop, on the server where the Microsoft Certification Authority application is installed.
2. Submit the certificate request from a command prompt:
   - To generate a certificate with Server Authentication and Client Authentication, which is required if you
     want to configure a neighbor or traversal zone with mutual authentication (TLS verify mode), type:
     certreq -submit -attrib "CertificateTemplate:Webclientandserver" C:\Users\<user>\Desktop\certcsr.der
for details about how to set up the Webclientandserver certificate template.
   - To generate a certificate with Server Authentication only, type:
     certreq -submit -attrib "CertificateTemplate:WebServer" C:\Users\<user>\Desktop\certcsr.der
This triggers the Certification Authority window to open:
Note that the command must be run as the administrator user.
3. Select the Certification Authority to use (typically only one is offered) and click OK.
4. When requested, save the certificate (browse to the required folder if the default Libraries > Documents
folder is not to be used) calling it server.cer for example.
5. Rename server.cer to server.pem for use with the Expressway.
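A check that can be run on the issued certificate before it is uploaded, as an added example that is not part of the Cisco guide: the PowerShell function below confirms that the saved file is Base64 (PEM) text, so that the rename in step 5 is sufficient, and that it carries the Server Authentication and, for TLS verify mode, Client Authentication extended key usages. The function name Test-ExpresswayCert, its parameters and the sample path are assumptions made for illustration.

```powershell
# Added example. Test-ExpresswayCert and its parameters are hypothetical names.
function Test-ExpresswayCert {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,  # certificate saved in step 4
        [switch] $RequireClientAuth                     # set for TLS verify mode zones
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $fullPath = (Resolve-Path -LiteralPath $Path).Path

    # A rename to .pem is only enough when the file is Base64 text, not binary DER.
    $firstLine = Get-Content -LiteralPath $fullPath -TotalCount 1
    $isPem = $firstLine -like '-----BEGIN CERTIFICATE-----*'

    # X509Certificate2 loads either encoding, so the EKU check works in both cases.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $hasServer = $ekus -contains $serverAuth
    $hasClient = $ekus -contains $clientAuth
    [pscustomobject]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        IsPem         = $isPem
        HasServerAuth = $hasServer
        HasClientAuth = $hasClient
        # Ready means: rename is safe and the EKUs match the intended zone type.
        Ready         = $isPem -and $hasServer -and ($hasClient -or -not $RequireClientAuth)
    }
}

# Sample call; the path is an assumption based on the default save folder in step 4.
$sample = "$env:USERPROFILE\Documents\server.cer"
if (Test-Path -LiteralPath $sample) {
    Test-ExpresswayCert -Path $sample -RequireClientAuth
}
```

If IsPem is False, the file is binary DER and should be converted (for example with certutil -encode server.cer server.pem) rather than renamed. If HasClientAuth is False, the request was issued from a template without Client Authentication and will not work for a zone in TLS verify mode.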
Get the Microsoft CA certificate
1. In your web browser, go to <IP or URL of the Microsoft Certificate Server>/certsrv and log in.
2. Select Download a CA certificate, certificate chain or CRL.
Cisco Expressway Certificate Creation and Use Deployment Guide (X8.5.1)