Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 5: Enable AD CS to Issue "Client and Server" Certificates
Note:
The CA component of Microsoft Active Directory Certificate Services (AD CS) must be able to issue a certificate
that can be used for authentication of the VCS as client or server.
AD CS in Windows Server 2008 Standard R2 (and later) can issue these types of certificates, if you create a
certificate template for them. Earlier versions of Windows Server Standard Edition are not suitable.
certificate template for them. Earlier versions of Windows Server Standard Edition are not suitable.
The default "Web Server" certificate template in AD CS creates a certificate for Server Authentication. The server
certificate for the VCS also needs Client Authentication if you want to configure a neighbor or traversal zone with
mutual authentication (where TLS verify mode is enabled).
certificate for the VCS also needs Client Authentication if you want to configure a neighbor or traversal zone with
mutual authentication (where TLS verify mode is enabled).
To set up a certificate template with both Server and Client authentication:
1.
In Windows, launch Server Manager (Start > Administrative Tools > Server Manager).
(Server Manager is a feature included with server editions of Windows.)
2.
Expand the Server Manager navigation tree to Roles > Active Directory Certificate Services > Certificate
Templates (<domain>).
Templates (<domain>).
3.
Right-click on Web Server and select Duplicate Template.
4.
Select Windows Server 2003 Enterprise and click OK.
Cisco Systems, Inc.
32