Announcement

Collapse
No announcement yet.

Office Communications Server 2007 - Certificate woes

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Office Communications Server 2007 - Certificate woes

    Hello,

    I have no idea where a thread about Office Communications Server (OCS) should be, so please move this thread if needed.

    I am working on implementing OCS into our network. I have completed all of the installation, and I am now having trouble getting a certificate to import for OCS. I've made a CSR using the wizard builtin to OCS. I then used that CSR to get a .p7b and a .crt file from GoDaddy. I installed the .p7b into the Intermediate Certificate Authority using the Certificates MMC snapin. The problem is when I use the wizard in OCS to try and import a certificate for that. None of the options are for importing a .crt file (it only wants .pfx), and when I select "import a .p7b" the wizard fails and says that I do not have a valid .p7b file.

    I have been searching google for two days and I am unsure what I'm doing wrong. There are a few guides on GoDaddy but none of them specifically tell you how to acquire and import a cert just for OCS.

    Does anyone have any suggestions for what I can try next? Thank you so much...
    A+ Network+

  • #2
    Re: Office Communications Server 2007 - Certificate woes

    Solved!

    I eventually got on the phone with GoDaddy and found out that they don't yet support certificates for Office Communications Server...but they still work just fine. I just needed some special instructions which weren't anywhere on godaddy's site.

    For anyone who wants to know, after experiencing this, I recommend going with digicert.com for OCS certs...they have full support and have great documentation for creating certs.
    A+ Network+

    Comment


    • #3
      Re: Office Communications Server 2007 - Certificate woes

      Also, to enable IM conferencing for your OCS server using a certificate from GoDaddy, you need to go into the details of the top level certificate and enable the cert for clients as well as servers (I enabled mine for all uses).
      A+ Network+

      Comment


      • #4
        Re: Office Communications Server 2007 - Certificate woes

        Thanks for the update!
        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Office Communications Server 2007 - Certificate woes

          I'm having a similar/same issue. Could you post the instructions you received that aren't posted on Godaddy's site? Thanks!

          Comment


          • #6
            Re: Office Communications Server 2007 - Certificate woes

            I had a similar problem importing and assigning Godaddy certs. I would request the cert using a text file generated by the cert wizard, download it, and then try to import it using the wizard. The problem is that the cert that I was getting didn’t have a private key, so the cert wizard wouldn’t import it. If I imported it manually with the MMC, the cert wizard wouldn’t recognize it. So I couldn’t assign it. I talked with four tech support people at Godaddy, all of whom told me they couldn’t help me, as they didn’t know anything about Microsoft products. This was resolved by some very helpful Microsoft folks in the following manner:
            Request the cert using the CSR from the OCS certificate wizard. Select IIS as the type of server. You are asked twice, once at the CSR page and once at the very end. Select IIS both times. Don’t rerun the cert wizard and try to import the cert just yet. You won’t be using what Godaddy had you download. Go back to the Godaddy site. Log in. Go to My Account, then Manage SSL certificates, then the link next to your certificate that says Manage Certificate. Select the certificate. Click “Reissue”. The result will be a box with a lot of gibberish text that looks a lot like the text in your CSR request. Select all of the text and copy it to Notepad. Save it to your desktop as a .cer file. To do this, in the “Save As” dialog box, put the file name in quotes, followed by .cer e.g. “mycert.cer”. This will stop the file being appended with a .txt extension. The result will be an icon on your desktop that looks like a cert. Rerun the certificate wizard. You will be prompted to process your certificate request and import the cert. Navigate to the .cer file that you saved to your desktop. It should import just fine.

            Also, it should be noted that a regular SSL cert will work just fine for the Web Conferencing Edge Server Public Interface, as it does not need a SAN. For the Access Edge Server Public Interface, however, you will need a UCC cert. To order this from Godaddy, in the Standard SSL box, select the radio button that says “Multiple Domain (UCC)”. It is just under “Single”, which is default. When you generate your cert request with the certificate wizard, don’t put in anything for the SAN. Just skip over the entry of the SAN in the certificate wizard. What will happen is you will be asked to specify the SAN entries in the Godaddy wizard when you are submitting your request. Then do the same thing as for the other cert, where you don’t try to import what Godaddy gives you. Go back, do a reissue, copy the resulting text to Notepad… etc.

            Comment


            • #7
              Re: Office Communications Server 2007 - Certificate woes

              Couldn't have said it much better myself...

              What I did was just change the extension on the .crt file from GoDaddy. I changed it from .crt to .cer so that the OCS wizard could import it. That seemed to work flawlessly and so far, I have not encountered any problems from doing that.
              A+ Network+

              Comment


              • #8
                Re: Office Communications Server 2007 - Certificate woes

                I am about to try and deploy Office Communicator 2007 for testing purposes and have a question. Is a certificate required even if you are just using the communicator for internal IM capabilities? Not going to have any external options set up or conferencing set up.

                Thanks

                Comment


                • #9
                  Re: Office Communications Server 2007 - Certificate woes

                  Without a proper certificate, you can only do regular IM...only 1-on-1 conversations. But yes it works.
                  A+ Network+

                  Comment


                  • #10
                    Re: Office Communications Server 2007 - Certificate woes

                    Thanks for the fast response. That at least allows us to test it a little before deciding. IM is really all we want it for anyways. Thanks again.

                    Comment

                    Working...
                    X