locked
Client authentication EKU in OCS certificate RRS feed

  • Question

  • Hi,

    I would like to integrate OCs with Avaya AES 4.1 for Remote Call Controll (RCC).

    The AES guide says, that I need client authentication and server authentication Enhanced Key Usage in the OCS certificate. But no matter if I check that box during the certificate request wizard on the OCS server, the new certificate I get back from the CA doesnt include that EKU attribute.

    Trying to request the certificate from the Web interface of the CA, how can I get this attribute included in the new cert? As I think, Webserver template cannot be used for that purpose, as it doesnt contain that client EKU. Computer template seems to be nice, but cannot see it in the list on the request webpage.

    Thanks.
    Friday, December 21, 2007 2:45 PM

Answers

All replies

  •  

    Richard,

     

    Did you ever figure out how to get the client authorization added? I am doing the same thing as well & I have the exact same issue.

     

    Thanks,

    Ken

    Wednesday, February 13, 2008 5:55 PM
  • You need to make a duplicate of the Web Server certificate template and enable the Client Auth EKU.  The instructions for this can be found at http://www.microsoft.com/technet/prodtechnol/office/livecomm/library/confcerts/lcscon_7.mspx.

    Wednesday, February 13, 2008 10:40 PM
    Moderator
  • Finally, it seemed that AES doesnt really need client EKU, so we could somehow make it work (that means some miracle happened)

    Anyway, the previous post may contain all you need (although I didnt try it myself)
    Thursday, February 14, 2008 9:30 AM
  • Hi Everyone,

     

    This is a common issue people are facing with the ARS integration. If you are using Enterprise a work around would be to create a test IIS website and generate a request for a cert that has the name of your pool. You then go to the Web Enrollemnt area and request a cert with a newly created template with Client/Server Auth. then import this new cert into your server and use this and you will be set.

     

    Thanks


    Tony

     

    Sunday, November 16, 2008 2:48 AM