How to handle HP certificates with Microsoft CA?

Question

We have several ILOs that need signing for HP Systems Insight Manager to work properly. (Single Sign On between the several ILOs)

I tried submitting a certificate without creating any template but failed due to a nonexistent template for this certificate submission. I am not sure how to create a template that will accept HP certificates or if I am doing something completely wrong?

We are using Windows Server Certification-Authority.

Answer 1

HP iLO requires certificate with Server and Client Authentication EKUs. I would suggest to do the following:

1. Open Certificate Templates MMC snap-in and duplicate default Web Server template.
2. Switch to Extensions tab, select Application Policies extension and add Client Autentication EKU. Save changes. Remember template's common name (it is autogenerated based on display name you type).
3. Add new template to CA for issuance.

When submitting request, use command-line tool as follows:

certreq -submit -attrib "CertificateTemplate:TemplateCommonName"

Replace TemplateCommonName with actual template's name.