How to generate a certificate from an internal certificate authority with Extended Key Usage: TLS Web Server Authentication & TLS Web Client Authentication

brajkishor Singh 1 Reputation point
2021-06-10T06:53:17.32+00:00

Hi guys,
Kindly help with how to generate an SSL certificate from an internal certificate authority with the parameters below. Is it possible via an internal CA?

Extended Key Usage:
TLS Web Server Authentication
TLS Web Client Authentication
IPsec End System

Key Usages:
Digital Signature
Key Encipherment
Data Encipherment
Key Agreement
Please let me know in case more info is needed.

Regards

Active Directory
A set of directory-based technologies included in Windows Server.

3 answers

  1. Daisy Zhou 22,716 Reputation points Microsoft Vendor
    2021-06-11T01:38:55.75+00:00

    Hello @brajkishor Singh ,

    Thank you for posting here.

    Based on my research, you can refer to the detailed steps for configuring the IPsec template in the following link.

    Create Windows CA Certificate Templates for CUCM
    https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/215534-create-windows-ca-certificate-templates.pdf

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Daisy Zhou 22,716 Reputation points Microsoft Vendor
    2021-06-21T09:12:16.243+00:00

    Hello @brajkishor Singh ,

    Thank you for your reply.

    As I understand, you can duplicate the default Web Server template and, during duplication, switch to the Extensions tab, select the Application Policies entry, and add the Client Authentication usage.

    Client Authentication means TLS Web Server Authentication
    Server Authentication means TLS Web Client Authentication

    Here is a similar case for your reference.

    Create certificate on CA from CSR file with key usage "TLS Web Server Authentication, TLS Web Client Authentication"
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/75c8ec86-6a8d-42ac-a997-14cb1a8d31d4/create-certificate-on-ca-from-csr-file-with-key-usage-quottls-web-server-authentication-tls-web?forum=winserversecurity

    Other reference:
    Difference between certificates with “extension fields” and “Non Repudiation” usage
    https://security.stackexchange.com/questions/100768/difference-between-certificates-with-extension-fields-and-non-repudiation-us

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  3. Daisy Zhou 22,716 Reputation points Microsoft Vendor
    2021-06-22T06:10:38.193+00:00

    Hello @brajkishor Singh ,

    I am so glad to receive your reply.

    We can set these Key Usages on the certificate template as below:

    Digital Signature
    Key Encipherment
    Data Encipherment
    Key Agreement

    For more information, please refer to the link below.

    Key usage extensions and extended key usage
    https://help.hcltechsw.com/domino/10.0.1/admin/conf_keyusageextensionsandextendedkeyusage_r.html

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
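
To confirm that a certificate issued by the internal CA actually carries the usages listed in the question, the following added example (not part of the thread or of any linked guide) reads the Key Usage and Extended Key Usage extensions and reports each requested item. The path `.\issued.cer` is a placeholder, and each EKU is shown by OID with the name Windows displays and the name used in the question.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example, not from the thread. '.\issued.cer' is a placeholder path.
param([string]$Path = '.\issued.cer')

# EKU OIDs requested in the question: Windows display name / name in the question.
$wantEku = [ordered]@{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication / TLS Web Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication / TLS Web Client Authentication'
    '1.3.6.1.5.5.7.3.5' = 'IP security end system / IPsec End System'
}
# Key usages requested in the question, as X509KeyUsageFlags member names.
$wantKu = 'DigitalSignature', 'KeyEncipherment', 'DataEncipherment', 'KeyAgreement'

$cert   = [X509Certificate2]::new((Resolve-Path $Path).Path)
$kuExt  = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
$ekuExt = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }

# Collect the EKU OIDs actually present (empty if the extension is absent).
$haveEku = @()
if ($ekuExt) { $haveEku = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

$report = @()
foreach ($flag in $wantKu) {
    # A missing Key Usage extension counts as "not present" for every flag.
    $present = [bool]($kuExt -and $kuExt.KeyUsages.HasFlag([X509KeyUsageFlags]$flag))
    $report += [pscustomobject]@{ Extension = 'Key Usage'; Item = $flag; Present = $present }
}
foreach ($oid in $wantEku.Keys) {
    $report += [pscustomobject]@{
        Extension = 'Extended Key Usage'
        Item      = "$oid ($($wantEku[$oid]))"
        Present   = $haveEku -contains $oid
    }
}

$report | Format-Table -AutoSize
if ($report.Present -contains $false) {
    Write-Warning 'Certificate is missing one or more of the requested usages.'
}
```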
