Thursday, November 27, 2014

Generate a RPAD or VCS-C certificate with an internal CA (Client/Server Certificate)

Last time I tried to upload a certificate to a VCS-C, I ran into an issue with the certificate template.
The VCS needs a certificate with both server and client authentication attributes.

By default, however, there is no template with both attributes, so we have to create one.

How to create a new certificate template:

Log on to your certification authority and open mmc.exe.

Once MMC is open, go to File > Add/Remove Snap-in.


Add Certification Authority > Local computer.


Right-click Certificate Templates and select Manage.

This displays all available certificate templates. Right-click the Web Server template and duplicate it.

Change the name of the template (Client/Serveur in my case) and select Allow private key to be exported on the Request Handling tab.

On the Extensions tab, edit the Application Policies and add Client Authentication.

Your template is now ready. Click OK to validate and return to the MMC window.

Can't see your new template in the Certificate Templates folder?
Right-click Certificate Templates > New > Certificate Template to Issue,
highlight your new template and click OK.


You can now generate your certificate with your new template.
Command line: certreq -attrib "certificatetemplate:Client/Serveur" -submit vcs.txt
Here, Client/Serveur is the name of the new template and vcs.txt is the certificate request generated on the VCS/Expressway.
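
To confirm the new template did its job before uploading to the VCS, the script below submits the request and checks that the issued certificate carries both the Server Authentication and Client Authentication EKUs. It is an added example, not part of the original post; the output file name vcs.cer and the function name Test-ClientServerEku are assumptions.

```powershell
# Added example: submit the VCS CSR, then verify both EKUs are present.
$Template = 'Client/Serveur'   # template name used in this post
$Request  = 'vcs.txt'          # CSR generated on the VCS/Expressway
$CertOut  = 'vcs.cer'          # assumed output file name

function Test-ClientServerEku {
    param([Parameter(Mandatory)][string]$Path)

    # EKU OIDs the VCS expects on its certificate.
    $required = @{
        '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
        '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    }

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    # Locate the Enhanced Key Usage extension, if the certificate has one.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $present = @()
    if ($eku) { $present = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    $missing = @($required.Keys | Where-Object { $present -notcontains $_ })
    foreach ($oid in $missing) {
        Write-Warning "Missing EKU: $($required[$oid]) ($oid)"
    }
    return ($missing.Count -eq 0)
}

# certreq writes the issued certificate to the second file argument.
certreq -attrib "certificatetemplate:$Template" -submit $Request $CertOut
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# If the CA holds the request for approval, no certificate file is written.
if (-not (Test-Path -LiteralPath $CertOut)) {
    throw "No certificate was issued; check whether the request is pending on the CA."
}

if (Test-ClientServerEku -Path $CertOut) {
    Write-Output "$CertOut has both Server and Client Authentication EKUs."
} else {
    throw "$CertOut is missing a required EKU; check the template's Application Policies."
}
```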





