RE: Register a windows client on IOS CA

Dale,

Install IIS on Windows XP. After doing so go to your default website and
right click go to properties. Click on the Directory Security Tab. Click
on Server Certificate. This will open the "IIS Certificate Wizard". This
wizard can be used to generate a certificate signing request. Open the
request file with Notepad. Paste the information to IOS CA. Copy the
completed certificate from IOS CA back to windows XP. Install the
certificate. You have now successfully generated a Certificate for windows
XP using IIS.

HTH

Regards,
 
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: tscott_at_ipexpert.com
 

-----Original Message-----
From: Dale Shaw [mailto:dale.shaw_at_gmail.com]
Sent: Tuesday, August 11, 2009 7:22 PM
To: Tyson Scott
Cc: Sadiq Yakasai; Cisco certification; Cisco certification
Subject: Re: Register a windows client on IOS CA

Hi,

This is probably OT, but..

On Wed, Aug 12, 2009 at 12:41 AM, Tyson Scott<tscott_at_ipexpert.com> wrote:
>
> For XP the question would be how they are going to allow you to create the
> certificate request. If IIS is installed on WinXP then that could be used
> to do the request. I am not sure they have that on the test. They may
have
> the request already created for you and you have to paste it to the router
> and then copy the certificate chain to XP.

It has nothing directly to do with IIS. I think you're referring to
the web interface to Windows Certificate Services, which can't be
installed on XP anyway, as far as I know, and still requires the
actual back-end CA component to function.

When using Active Directory integrated Certificate Services, to
generate a certificate request on a Windows box, you can use the
built-in 'Certificates' MMC snap-in. This is an alternative to using
the aforementioned web interface.

Run mmc.exe
Click 'File -> Add/Remove Snap-in'
Click 'Add'
Select 'Certificates'
Click 'Add'
Select 'My user account' or one of the other options, as appropriate
Click 'Finish'
Click 'Close'
Click 'OK'
Expand 'Certificates - Current User' (or whatever)
Right-click 'Personal -> All Tasks -> Request New Certificate'
..follow the prompts.

Other local options include using OpenSSL, and I vaguely recall there
being one or more command line utililties available from Microsoft
(but I might be thinking of the self-signed certificate tool for IIS).

cheers,
Dale

Blogs and organic groups at http://www.ccie.net
Received on Tue Aug 11 2009 - 20:07:39 ART