Automatic Certificate Requests Using SCEP

Unanswered Question
Jul 6th, 2010

Hello,

I am using the Cisco ASA 5540 (8.2(1)11) and MS Enterprise Server 2k3 certificate service. I’ve configured Cisco AnyConnect XML profile to auto enroll for certificate. It's working great but it's using the IPSEC (Offline Request) template and its intended purpose is IP security IKE intermediate. Is it possible to use my own custom template? If yes, where do I configure it?

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Marcin Latosiewicz Tue, 07/06/2010 - 07:45

Allen,

If I remember correctly, and I'm not dealing with MS CA daily, the certificate templates are something that only exists on MS CA (ie it's the server that generates certificate using particular template, the information is not in CSR)

Hopefully someone here will know, but I'd suggest to lauch a parallel thread on MS forums.

Marcin

Todd Starling Thu, 11/11/2010 - 20:38

Unfortunately the Windows 2003 SCEP server is limited to the IPSEC Offline certificate template. In order to get

custom templates you must use the Windows 2008 NDES server. In that version you can have unique templates for

Encryption, Signing, and General Purpose.

Actions

This Discussion