Friday, March 20, 2009 10:07 PMMy understanding is that when you have a cert issued by most 3rd party CAs that the order of the names listed in the SAN will be presented to the device requesting the cert in what amounts to a random order. It is also my understanding that the order in which you enter the FQDNs in the SAN on a cert from a Microsoft CA is how they will be presented to the device requesting the cert. In other words on a Microsoft CA generated cert, whatever you put in as the last entry on the SAN will be presented last to the requesting device.
Given this and the R2 release note that states that the pool FQDN has to be the last entry on a SAN in order to get the ACD service to start, how could you use a cert from a 3rd party if you can't ensure that the pool FQDN will be presented last?
Sunday, March 22, 2009 10:34 PMYou can use the Certificate Wizard to specify the SAN list order
- Belgian Unified Communications Community : http://www.pro-exchange.be -
Tuesday, March 24, 2009 1:18 PMModeratorThere is no inhenreten difference between a 3rd party certificate or an internal CA certificate in regards to the order that the SAN entries are 'presented'. The values are entered in a single string in a defined order and parsed in that order by the application reading the certificate, so once the order is set all usage of that certificate will be the same. The created CSR defines the field values so the OCS wizard can set these the same regardless of what CA will be issuing a certifcate against it.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS