09-16-2019 09:51 PM
Hi All,
I need some assistance with creating a new xmpp CSR on the CIsco IM&P Server.
II generated a new CSR that included all the correct Domains. When I forwarded my CSR to our internal PKI Team. My request was denied as we are only allowed two Extended Key Usage.
I will need to remove ipsecEndSystem before they will be able to sign my internal signed Cert.
Is there any possible way to do this? As the settings when generating a new CSR is very limited.
Solved! Go to Solution.
10-16-2019 10:17 PM
We will be working with our internal CA to create a template that will support 3 key usage but at this stage we had to move back to self signed Certs in order for to complete the Project.
Thanks for the inputs from your side. We also had a Tac Open to confirm the theory that this cannot be changed to send this as prove to our Global Team.
09-17-2019 07:45 AM
No, you cannot, what you see is what you get in the generate CSR options.
You'll have to explain them that the CSR comes with what the system needs and the system might not work properly if they choose to change them.
09-17-2019 08:04 AM
Hi Jaime,
Thanks for responding, huge fan btw.
This is the response I received from our internal Team.
"
09-17-2019 12:02 PM
I'd download the self-signed certificate, and send it to them, tell them that's what the system is running on right now and what's needed, which should be the same the CSR asks for.
10-16-2019 10:17 PM
We will be working with our internal CA to create a template that will support 3 key usage but at this stage we had to move back to self signed Certs in order for to complete the Project.
Thanks for the inputs from your side. We also had a Tac Open to confirm the theory that this cannot be changed to send this as prove to our Global Team.
09-17-2019 08:45 AM
09-17-2019 09:55 AM
Hi Justin,
From the Link I can pick up that Tomcat does not need Ipsec, I need confirmation from Cisco that IpSec is no needed for XMPP as well.
Then I will be able to generate a cert from a CMS Server and add all the necessary info and send it off to my PKI Team.
09-17-2019 10:37 AM
09-17-2019 10:52 AM
Just trying al avenues as this issue is holding back multiple Projects as we are not able to add more domains to allow users from other Countries to use Jabber.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide