Re: help with certificate services in setting up live communications server?
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/28/04
- Next message: Steven L Umbach: "Re: Internal vs. External Domain Names"
- Previous message: Steven L Umbach: "Re: Security Defaults"
- In reply to: Rob Sullivan: "help with certificate services in setting up live communications server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Apr 2004 17:36:49 GMT
If you have not tried it yet, look into using Web Enrollment to request your
certificate though you may have to use the CA Management Console to authorize the
appropriate template first in Policy Settings. It probably is one of the "offline"
templates that needs to be authorized. I also believe that you can "temporarily" join
the computer to the domain just to request and install the certificate and it will
work after the computer is removed from the domain as long as the CA root certificate
is still in the trusted root CA folder. Of course that solution will require a couple
reboots. The links below may be helpful. --- Steve
http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498 -- an example for
ipsec for l2tp.
"Rob Sullivan" <rob.sullivan@parlano.com> wrote in message
news:70dcbbef.0404280821.14f5e384@posting.google.com...
> I am attempting to set up a LCS implementation using a TLS proxy to
> pass traffic from a server hosted in a DMZ setup on a firewall through
> to an LCS server hosted on a private network. Various help files
> indicate that that I need to request the certificate from the
> Certificates management snap-in in the MMC. Because the TLS proxy
> server is on a separate screened network from the LCS and AD servers,
> "request a new certificate" is not an option in the Certificates
> management snap-in. I've tried various other means to generate the
> cert I need but LCS has deemed them all to be unsuitable. I should
> add that I've successfully imported the root CA from the domain in
> question and LCS is able to recognize it when I'm attempting to
> configure LCS to use TLS instead of TCP.
>
> Is there any way to create the cert that I need without joining the
> TLS proxy server to the domain?
- Next message: Steven L Umbach: "Re: Internal vs. External Domain Names"
- Previous message: Steven L Umbach: "Re: Security Defaults"
- In reply to: Rob Sullivan: "help with certificate services in setting up live communications server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
