Signing CUCM certificates

When signing CUCM certificates using a Microsoft CA, not all extensions that are present in the self-signed certificate will be available.

Create the template as a duplicate from Web Server, add Client Authentication and IP security end system (in addition to Server Authentication) as Application Policy and make sure that Digital Signature, Allow key exchange only with key encryption and Allow encryption of user data is selected under under Key Usage Extension.

Issue the certificate using the newly defined template.