Re: Certificates for DNS domains outside of Active Directory Domains
From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 11/15/04
- Previous message: David Cross [MS]: "Re: Certificate extensions"
- In reply to: S. Pidgorny
: "Re: Certificates for DNS domains outside of Active Directory Domains" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Nov 2004 05:34:58 -0800
this whitepaper may also help:
Windows Server 2003 advanced certificate enrollment whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. http://support.microsoft.com "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message news:%233jm93vyEHA.1396@tk2msftngp13.phx.gbl... >I haven't used Office Live Communications Server yet, but previously we >have > discussed creating the certificates for it using Certificate Server Web > forms. This is how to request a certificate with both Client and Server > Authentication EKUs: > > On the request form, under Intended purposes, select Other... and put > > 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2 > > in the OID field. > > With Web forms, you have minumum automation but maximum flexibility. > > > -- > Svyatoslav Pidgorny, MVP, MCSE > -= F1 is the key =- > > > > "Jeff Lewis" <JeffLewis@discussions.microsoft.com> wrote in message > news:29FA9D50-8AB4-4E3E-A859-B5852D57E172@microsoft.com... >> Hello, >> >> We are implementing Live Communications Server in our environment. We > want >> to use TLS authentication for this. I have created a Certificate >> Template > on >> our Windows Server 2003 Enterprise Edition DC. I copied the template >> from >> the Computer Template. I called the new template Live Communications >> Template. This template provides for client and server authentication. >> Without any tweaking, I can get this setup to function properly and it > runs >> like a charm. Here is my dilemma: Internally, our domain namespace is >> trinity.com. Externally, our dns domain namespace is trinitycos.com. > This >> setup was completed previous to my arrival, and we are no longer able to > get >> trinity.com externally due to ownership by someone else. I used the >> Certificate Template that I created from the Computer template. When I >> create a certificate based on this template, it is built as > live.trinity.com. >> Since we do not own trinity.com, our people cannot gain access to the > Live >> Communications Server externally via TLS. I get an error indicating that > the >> certificate does not match what the server is looking for. I would like > to >> create the certificate as live.trinitycos.com. Is there a way to > accomplish >> this task? >> >> I do not know how to fix this issue, short of renaming our internal >> domain >> to trinitycos.com. Any assistance would be appreciated. > >
- Previous message: David Cross [MS]: "Re: Certificate extensions"
- In reply to: S. Pidgorny
: "Re: Certificates for DNS domains outside of Active Directory Domains" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
