Cisco Cisco TelePresence Video Communication Server Expressway
Certificate generation process using Microsoft OCS
Cisco VCS Deployment Guide: Certificate creation and use with Cisco VCS
Page 23 of 33
Process the ‘cert_inf.pem’ file into server certificate,
CA certificate and private key
CA certificate and private key
The ‘.pem’ file contains 3 sections:
1. Private key section:
Bag Attributes
…
Key Attributes
X509v3 Key Usage: 10
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CAD24BC3A702A939
l5JTMK+Irjx2ptUWXbqEgaGwOE6UiXJE+x4Ga7sc9MXB2fvzHNehiyFHS+FoqFZK
…
7vGI/4Ezt5Stajm/p+ENGD+jMstT3a3Q85SnfvwBGVtdleKFUZ0E4Q==
-----END RSA PRIVATE KEY-----
…
Key Attributes
X509v3 Key Usage: 10
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CAD24BC3A702A939
l5JTMK+Irjx2ptUWXbqEgaGwOE6UiXJE+x4Ga7sc9MXB2fvzHNehiyFHS+FoqFZK
…
7vGI/4Ezt5Stajm/p+ENGD+jMstT3a3Q85SnfvwBGVtdleKFUZ0E4Q==
-----END RSA PRIVATE KEY-----
2. Server certificate:
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: VCS-certificate
subject=/C=NO/L=Oslo/O=net2/OU=ast/CN=vcs.net2.int
issuer=/DC=int/DC=net2/CN=net2-CA
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIKI/Co1QAAAAAADzANBgkqhkiG9w0BAQUFADA9MRMwEQYK
…
6aRy7KXfeBLN/pqBEVSjjlCljmXa5hc5AGmzyTfrSRXviHE3qpmT0Lnld31f6qGK
-----END CERTIFICATE-----
localKeyID: 01 00 00 00
friendlyName: VCS-certificate
subject=/C=NO/L=Oslo/O=net2/OU=ast/CN=vcs.net2.int
issuer=/DC=int/DC=net2/CN=net2-CA
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIKI/Co1QAAAAAADzANBgkqhkiG9w0BAQUFADA9MRMwEQYK
…
6aRy7KXfeBLN/pqBEVSjjlCljmXa5hc5AGmzyTfrSRXviHE3qpmT0Lnld31f6qGK
-----END CERTIFICATE-----
•
Note: the issuer specifies the issuer that approves this Server certificate.
•
Note: the server certificate typically has a ‘friendlyName’ in the header.
3. CA certificate:
Bag Attributes: <Empty Attributes>
subject=/DC=int/DC=net2/CN=net2-CA
issuer=/DC=int/DC=net2/CN=net2-CA
-----BEGIN CERTIFICATE-----
MIIDVTCCAj2gAwIBAgIQQwRnazGMG5JGOacRYvwNlTANBgkqhkiG9w0BAQUFADA9
…
tQy4Hfj50yemURZ7mFCXGapcegsOC5/WDhOcIrlkcDJ2lcvBgUj4rbI=
-----END CERTIFICATE-----
subject=/DC=int/DC=net2/CN=net2-CA
issuer=/DC=int/DC=net2/CN=net2-CA
-----BEGIN CERTIFICATE-----
MIIDVTCCAj2gAwIBAgIQQwRnazGMG5JGOacRYvwNlTANBgkqhkiG9w0BAQUFADA9
…
tQy4Hfj50yemURZ7mFCXGapcegsOC5/WDhOcIrlkcDJ2lcvBgUj4rbI=
-----END CERTIFICATE-----
The root CA certificate is a self signed certificate; the subject and issuer of the certificate are the
same. Where there is an external certificate authority, the root CA certificate can be used from the
external certificate authority.
same. Where there is an external certificate authority, the root CA certificate can be used from the
external certificate authority.
Certificates can have hierarchical trust.
The server certificate is trusted by (created using) a secondary certificate.
The secondary certificate is trusted by (created using) the root CA certificate.
The root CA certificate is self signed.
In this case, 4 entries will be found in the created PEM file.