help with certificate services in setting up live communications server?

Rob Sullivan

I am attempting to set up an LCS implementation using a TLS proxy to
pass traffic from a server hosted in a DMZ setup on a firewall through
to an LCS server hosted on a private network. Various help files
indicate that I need to request the certificate from the
Certificates management snap-in in the MMC. Because the TLS proxy
server is on a separate screened network from the LCS and AD servers,
"request a new certificate" is not an option in the Certificates
management snap-in. I've tried various other means to generate the
cert I need but LCS has deemed them all to be unsuitable. I should
add that I've successfully imported the root CA from the domain in
question and LCS is able to recognize it when I'm attempting to
configure LCS to use TLS instead of TCP.

Is there any way to create the cert that I need without joining the
TLS proxy server to the domain?
 
If you have not tried it yet, look into using Web Enrollment to request your
certificate though you may have to use the CA Management Console to authorize the
appropriate template first in Policy Settings. It probably is one of the "offline"
templates that needs to be authorized. I also believe that you can "temporarily" join
the computer to the domain just to request and install the certificate and it will
work after the computer is removed from the domain as long as the CA root certificate
is still in the trusted root CA folder. Of course that solution will require a couple
reboots. The links below may be helpful. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498 -- an example for
IPsec for L2TP.
 