How to sign certificates with a Microsoft CA

Through this video, I’ll show you how to configure a Microsoft CA, running over a Windows 2012 Std server, to sign the tomcat certificate from CUCM. I will assume you have already configured and installed the CA, if you need assistance on that topic, there’s plenty of material on the web, you can use this as a reference: You might also want to change the validity period for your CA, if you’re going to do this, I strongly recommend you do it right after you install your CA The keys mentioned in the above are still valid in newer releases. Also, very important, bear in mind SHA1 has been deprecated, when you configure the CA, you should choose other option, I’m using SHA256 in my lab. If you’re going to be doing multi-server certificates and have public CA sign them, review the bugs mentioned in the Cert FAQ below, specially if you’re on 10.5(x), as of November of this year, new changes in the procedure require all domains to be signed to be public domains, and the multi-server option will cause an error. If you still have doubts about the procedure, if you meet the entitlement, you can reach us, the PDI Technical Advisors team, at In the above page, you can find our entitlement requirements, working hours, and how to open a case. I also encourage you to review my FAQ before opening a case, I cover a lot of products in it: I have created a special certificates FAQ you might also want to review: Any questions, comment, etc. you can reach me at javalenc@