Re: Certificates for DNS domains outside of Active Directory Domains

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 11/15/04

    Date: Mon, 15 Nov 2004 05:34:58 -0800
    
    

    This whitepaper may also help:

    Windows Server 2003 advanced certificate enrollment whitepaper:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

    -- 
    David B. Cross [MS]
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
    http://support.microsoft.com
    "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message 
    news:%233jm93vyEHA.1396@tk2msftngp13.phx.gbl...
    > I haven't used Office Live Communications Server yet, but previously we
    > have discussed creating the certificates for it using Certificate Server
    > Web forms. This is how to request a certificate with both Client and
    > Server Authentication EKUs:
    >
    > On the request form, under Intended purposes, select Other... and put
    >
    > 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2
    >
    > in the OID field.
    >
    > With Web forms, you have minimum automation but maximum flexibility.
    >
    >
    > -- 
    > Svyatoslav Pidgorny, MVP, MCSE
    > -= F1 is the key =-
    >
    >
    >
    > "Jeff Lewis" <JeffLewis@discussions.microsoft.com> wrote in message
    > news:29FA9D50-8AB4-4E3E-A859-B5852D57E172@microsoft.com...
    >> Hello,
    >>
    >> We are implementing Live Communications Server in our environment.  We
    >> want to use TLS authentication for this.  I have created a Certificate
    >> Template on our Windows Server 2003 Enterprise Edition DC.  I copied the
    >> template from the Computer Template.  I called the new template Live
    >> Communications Template.  This template provides for client and server
    >> authentication.  Without any tweaking, I can get this setup to function
    >> properly and it runs like a charm.  Here is my dilemma:  Internally, our
    >> domain namespace is trinity.com.  Externally, our dns domain namespace is
    >> trinitycos.com.  This setup was completed previous to my arrival, and we
    >> are no longer able to get trinity.com externally due to ownership by
    >> someone else.  I used the Certificate Template that I created from the
    >> Computer template.  When I create a certificate based on this template,
    >> it is built as live.trinity.com.  Since we do not own trinity.com, our
    >> people cannot gain access to the Live Communications Server externally
    >> via TLS.  I get an error indicating that the certificate does not match
    >> what the server is looking for.  I would like to create the certificate
    >> as live.trinitycos.com.  Is there a way to accomplish this task?
    >>
    >> I do not know how to fix this issue, short of renaming our internal
    >> domain to trinitycos.com.  Any assistance would be appreciated.
    >
    > 
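
The request discussed in this thread (subject live.trinitycos.com, both Server and Client Authentication EKUs), written as a certreq.exe request file instead of the web form. This is an added example, not part of the original thread: the file names, key settings and the commented-out template name are assumptions, and it assumes the CA (or its template) accepts a subject name supplied in the request.

```ini
; lcs-request.inf  (file name is an assumption)
;
; Typical use on the server that will hold the key:
;   certreq -new    lcs-request.inf lcs-request.req
;   certreq -submit lcs-request.req lcs-cert.cer
;   certreq -accept lcs-cert.cer

[Version]
Signature = "$Windows NT$"

[NewRequest]
; The external name clients connect to, not the internal AD name
; (live.trinity.com) that the template builds automatically.
Subject       = "CN=live.trinitycos.com"
KeySpec       = 1              ; AT_KEYEXCHANGE, needed for TLS
KeyLength     = 2048           ; assumed value
KeyUsage      = 0xa0           ; digitalSignature + keyEncipherment
MachineKeySet = TRUE           ; store the key in the computer store
Exportable    = FALSE          ; keep the private key on this server
ProviderName  = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType  = 12
RequestType   = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1        ; Server Authentication
OID = 1.3.6.1.5.5.7.3.2        ; Client Authentication

; Enterprise CA only: name the template to issue from. The value below is
; a placeholder for the template's short name, which the thread does not give.
; [RequestAttributes]
; CertificateTemplate = PLACEHOLDER_TEMPLATE_NAME
```

After `certreq -accept`, confirm in the certificate's Details tab that the subject reads live.trinitycos.com and that Enhanced Key Usage lists both OIDs before binding it to the service.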
    
