how to generate certificate from internal Certificate authority with Extended kya usage:TLS web server authentication & TLS web client authentication

Question

Hi Guys
kindly help how to generate SSL certificate with internal Certificate authority with below parameter is it possible via Internal CA?

Extended key Usage:TLS web server authentication
TLS web client authentication
IPsec End System

Key Usages:
Digital Signature
Key Encipherment
Data Encipherment
Key Agreement
please let me know if in case more info needed

Regards

Answer 1

Hello @brajkishor Singh ,

Thank you for your reply.

As I understand, if you duplicate a default Web Server template, during duplication, switch to Extensions tab, select Application Policies entry and add Client Authentication usage.

Client Authentication means TLS Web Server Authentication
Server Authentication means TLS Web Client Authentication

Here is a similar case for your reference.

Create certificate on CA from CSR file with key usage "TLS Web Server Authentication, TLS Web Client Authentication"
https://social.technet.microsoft.com/Forums/windowsserver/en-US/75c8ec86-6a8d-42ac-a997-14cb1a8d31d4/create-certificate-on-ca-from-csr-file-with-key-usage-quottls-web-server-authentication-tls-web?forum=winserversecurity

Other reference:
Difference between certificates with “extension fields” and “Non Repudiation” usage
https://security.stackexchange.com/questions/100768/difference-between-certificates-with-extension-fields-and-non-repudiation-us

Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 2

Hello @brajkishor Singh ,

Thank you for posting here.

Based on my research, you can refer to the detailed steps for configuring IPsec Template in the following links.

Create Windows CA Certificate Templates for CUCM
https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/215534-create-windows-ca-certificate-templates.pdf

Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 3

Hello @brajkishor Singh ,

I am so glad to receive your reply.

We can set these Key Usages on certificate template as below:

Digital Signature
Key Encipherment
Data Encipherment
Key Agreement

For more information, please refer to link below.

Key usage extensions and extended key usage
https://help.hcltechsw.com/domino/10.0.1/admin/conf_keyusageextensionsandextendedkeyusage_r.html

Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.