Certificates for DNS domains outside of Active Directory Domains

Discussion in 'Server Security' started by Jeff Lewis, Nov 15, 2004.

  1. Jeff Lewis

    Jeff Lewis Guest

    Hello,

    We are implementing Live Communications Server in our environment. We want
    to use TLS authentication for this. I have created a Certificate Template on
    our Windows Server 2003 Enterprise Edition DC. I copied the template from
    the Computer Template. I called the new template Live Communications
    Template. This template provides for client and server authentication.
    Without any tweaking, I can get this setup to function properly and it runs
    like a charm. Here is my dilemma: Internally, our domain namespace is
    trinity.com. Externally, our dns domain namespace is trinitycos.com. This
    setup was completed previous to my arrival, and we are no longer able to get
    trinity.com externally due to ownership by someone else. I used the
    Certificate Template that I created from the Computer template. When I
    create a certificate based on this template, it is built as live.trinity.com.
    Since we do not own trinity.com, our people cannot gain access to the Live
    Communications Server externally via TLS. I get an error indicating that the
    certificate does not match what the server is looking for. I would like to
    create the certificate as live.trinitycos.com. Is there a way to accomplish
    this task?

    I do not know how to fix this issue, short of renaming our internal domain
    to trinitycos.com. Any assistance would be appreciated.
     
    Jeff Lewis, Nov 15, 2004
    #1
    1. Advertisements

  2. Jeff Lewis

    S. Pidgorny Guest

    I haven't used Office Live Communications Server yet, but previously we have
    discussed creating the certificates for it using Certificate Server Web
    forms. This is how to request a certificate with both Client and Server
    Authentication EKUs:

    On the request form, under Intended purposes, select Other... and put

    1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2

    in the OID field.

    With Web forms, you have minumum automation but maximum flexibility.
     
    S. Pidgorny, Nov 15, 2004
    #2
    1. Advertisements

  3. David Cross [MS], Nov 15, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.