I need some assistance with creating a new xmpp CSR on the CIsco IM&P Server.
II generated a new CSR that included all the correct Domains. When I forwarded my CSR to our internal PKI Team. My request was denied as we are only allowed two Extended Key Usage.
I will need to remove ipsecEndSystem before they will be able to sign my internal signed Cert.
Is there any possible way to do this? As the settings when generating a new CSR is very limited.
No, you cannot, what you see is what you get in the generate CSR options.
You'll have to explain them that the CSR comes with what the system needs and the system might not work properly if they choose to change them.
Thanks for responding, huge fan btw.
This is the response I received from our internal Team.
I'd download the self-signed certificate, and send it to them, tell them that's what the system is running on right now and what's needed, which should be the same the CSR asks for.
From the Link I can pick up that Tomcat does not need Ipsec, I need confirmation from Cisco that IpSec is no needed for XMPP as well.
Then I will be able to generate a cert from a CMS Server and add all the necessary info and send it off to my PKI Team.
Just trying al avenues as this issue is holding back multiple Projects as we are not able to add more domains to allow users from other Countries to use Jabber.