Creating Version 3 (Windows Server 2008) Certificate Templates for Server Certificates

About this task

The server certificates exchanged between Avaya Application Enablement Services (AES) and Microsoft Office Communications Server (OCS) must support both Server Authentication and Client Authentication key usage.

This section describes the steps for creating a certificate template on the Windows Server 2008 Enterprise Certification Authority (CA). The certificate template is used to create server certificates for both AES and OCS.

Note

If OCS Enterprise edition is in use with an OCS server pool, the certificate should be issued in the name of the pool and must have both Server Authentication and Client Authentication. If a load balancer handles the pool, then the pool name should resolve to the load balancer’s IP address. For example, if the OCS pool is called ocspool.company.com, and that is the pool that agents and OCS servers use, the DNS resolution of ocspool.company.com should be the IP address of the load balancer. Furthermore, the TLS certificate should be issued to ocspool.company.com from the correct authority with the correct company name, etc. Then, this certificate should be put on each of the OCS servers so that they pass this ocspool.company.com certificate when creating a secure socket to Application Enablement Services.

Procedure

  1. On the Windows 2008 Enterprise CA server, start the Certification Authority Microsoft Management Console (MMC) snap-in.
  2. In the left pane of the Certification Authority MMC snap-in, expand the Certification Authority node, right-click on Certificate Templates, and select Manage to launch the Certificate Templates MMC snap-in.
  3. In the right pane of the Certificate Templates MMC snap-in, right-click on the Web Server template, and select Duplicate Template.

    The system displays the Duplicate Template dialog box.

  4. In the Duplicate Template dialog box, select Windows Server 2008, Enterprise Edition.

    The system displays the Properties of New Template window.

  5. From the General tab of the Properties of New Template dialog box, in the Template display name field, type a descriptive name for the template.
  6. In the Properties of New Template dialog box, select the Request Handling tab, and ensure that the Purpose selection is set to Signature and encryption.
  7. In the AES Properties dialog box, select the Subject Name tab, and ensure that the Supply in the request option is selected.
  8. In the Properties of New Template dialog box, select the Extensions tab. In the Extensions included in this template section, select Application Policies and click Edit.
  9. In the Edit Application Policies Extension dialog box, click Add.
  10. In the Add Application Policy dialog box, select Client Authentication and click OK.
  11. In the Edit Application Policies Extension dialog box, ensure that both Server Authentication and Client Authentication are included in the Application Policies list. Click OK.
  12. In the Properties of New Template dialog box, select the Extensions tab. In the Extensions included in this template section, select Key Usage and click Edit.
  13. In the Edit Key Usage Extension dialog box, uncheck Make this extension critical and click OK.
  14. From the Properties of New Template dialog box, click OK.
  15. In the Certification Authority MMC snap-in, expand the Certification Authority node. Right-click on Certificate Templates. Select New Certificate Template to Issue.
  16. In the Enable Certificate Templates dialog box, select the Certificate Template you created in Steps 3-14 and click OK.
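
Once a server certificate has been issued from the new template and installed, the settings made in the procedure can be checked on the certificate itself. The following PowerShell is an added example, not part of the Avaya or Microsoft documentation; the function name Test-DualAuthCertificate and its parameters are hypothetical, and it assumes the certificate is in the local machine's Personal store on an OCS server.

```powershell
# Added example. Test-DualAuthCertificate and its parameter names are hypothetical.
function Test-DualAuthCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$ExpectedName      # optional: the name the certificate was issued to
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication
    $ekuOids = @()
    $keyUsageCritical = $null           # stays $null when there is no Key Usage extension

    foreach ($ext in $Certificate.Extensions) {
        switch ($ext.Oid.Value) {
            '2.5.29.37' {   # Enhanced Key Usage (Application Policies in the template)
                $eku = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension -ArgumentList $ext, $ext.Critical
                foreach ($oid in $eku.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
            '2.5.29.15' {   # Key Usage: step 13 clears the critical flag
                $keyUsageCritical = $ext.Critical
            }
        }
    }

    # DnsName returns the first DNS entry of the Subject Alternative Name,
    # or the subject common name when there is no such entry.
    $nameMatches = $null
    if ($ExpectedName) {
        $dnsName = $Certificate.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
        $nameMatches = ($dnsName -eq $ExpectedName)
    }

    $hasServer = $ekuOids -contains $serverAuth
    $hasClient = $ekuOids -contains $clientAuth
    New-Object PSObject -Property @{
        Subject          = $Certificate.Subject
        HasServerAuth    = $hasServer
        HasClientAuth    = $hasClient
        KeyUsageCritical = $keyUsageCritical
        NameMatches      = $nameMatches
        MatchesTemplate  = ($hasServer -and $hasClient -and ($keyUsageCritical -ne $true) -and ($nameMatches -ne $false))
    }
}

# ocspool.company.com is the example pool name used in the note above.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-DualAuthCertificate -Certificate $_ -ExpectedName 'ocspool.company.com' }
```

A certificate issued from the unmodified Web Server template shows HasClientAuth as False. That is the condition steps 8 through 11 are meant to prevent.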