Subject Alternate Name and Wildcard Cert.

  • 19 October 2007 22:42

    I have OCS 2007 SE running all the parts on 1 server. I was not sure who supported certificates with SAN, so I opted to get a Wildcard Certificate from GoDaddy. I need outside people to be able to get to the Live Meeting server and Communicator. If I change to the GoDaddy cert I get this error.


    "The subject name *.projecthope.org of the certificate assigned to process DataMCUSvc(5504) was not found in the trusted server list.
    Certificate serial number: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
    Certificate issuer name: 416CE4.
    Resolution:
    Verify that the Subject Name of the certificate presented by the remote peer is configured in the trusted server list"

    If I reboot the server with the GoDaddy cert picked, none of the services start, and I get this error.

    Event Type:      Error
    Event Source:      Service Control Manager
    Event Category:      None
    Event ID:      7024
    Computer:      HQ-APPS2
    Description:
    The Office Communications Server Front-End service terminated with service-specific error 3287185878 (0xC3EE79D6).
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    I have tried adding the cert to my trusted certs list and adding a GoDaddy intermediate cert; nothing has helped.

    Will OCS 2007 work with a wildcard cert? Does anyone have it running?

    Thanks

    Scott

All replies

  • 23 October 2007 3:53
    Moderator

    Search this forum for "wildcard" and you'll find a previous post that indicates that wildcard certificates are not supported.

  • 23 October 2007 15:42

    Thanks, GoDaddy has a new cert with multiple names I might try. And just to verify: I need SAN if I want the clients to auto-login because they look for sip.xxx.com? Otherwise I could just use a normal cert.

    Thanks again

    Scott


  • 23 October 2007 21:46
    Moderator

    SANs should work fine - I've used the Entrust UC cert on a few occasions now (it takes up to 10 names).  Just make sure your federation/PIC A record is in the subject - I've seen issues when this is not the case.

    On a side note, you only need to worry about sip.domain.com if you're not publishing a SRV record that uses a different record. That's Communicator's fallback if it doesn't find anything else.
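The two points the moderator makes (a SAN cert must carry each FQDN the servers and clients actually look for, and Communicator only falls back to sip.&lt;domain&gt; when no SRV record steers it elsewhere) can be checked before a cert is requested. The script below is an added example, not code from the thread, from Microsoft, or from OCS: it models the trusted-server-list behaviour the original error describes (the subject name is looked up exactly, so "*.projecthope.org" is not found) against a wildcard-tolerant policy for contrast, and reports which required names each certificate covers. The host FQDN hq-apps2.projecthope.org and the SRV record name _sipinternaltls._tcp.&lt;domain&gt; are constructed assumptions; the thread only mentions the computer name HQ-APPS2, the domain projecthope.org and "a SRV record".

```python
"""Model the certificate-name and auto-login checks discussed in this thread.

Constructed example for illustration; not code from the forum poster,
Microsoft, or OCS. Assumes (as the thread's error text implies) that
server-to-server trust in OCS looks the certificate's subject name up
exactly in a trusted server list, and (as the moderator states) that
Communicator tries sip.<domain> only when no SRV record points elsewhere.
"""
from dataclasses import dataclass, field


@dataclass
class CertNames:
    """Names a certificate presents: subject CN plus any SAN dNSName entries."""
    subject_cn: str
    sans: list = field(default_factory=list)

    def all_names(self):
        # Lower-case, keep first-occurrence order, drop duplicates.
        seen, out = set(), []
        for name in [self.subject_cn, *self.sans]:
            n = name.lower()
            if n not in seen:
                seen.add(n)
                out.append(n)
        return out


def name_matches(presented, required, allow_wildcard=False):
    """Exact match by default; single-label wildcard only when opted in."""
    presented, required = presented.lower(), required.lower()
    if presented == required:
        return True
    if allow_wildcard and presented.startswith("*."):
        suffix = presented[1:]                 # "*.example.org" -> ".example.org"
        if not required.endswith(suffix):
            return False
        left = required[:-len(suffix)]         # labels left of the suffix
        return left != "" and "." not in left  # exactly one label allowed
    return False


def check_required_names(cert, required, allow_wildcard=False):
    """Map each required FQDN to the presented name that satisfies it, or None."""
    report = {}
    for fqdn in required:
        report[fqdn] = next(
            (p for p in cert.all_names() if name_matches(p, fqdn, allow_wildcard)),
            None,
        )
    return report


def autodiscover_target(sip_domain, srv_records):
    """Name Communicator will connect to for auto-login.

    Assumption (not from the thread): the SRV name consulted is
    _sipinternaltls._tcp.<domain>, mapped here to its target host.
    """
    srv_target = srv_records.get(f"_sipinternaltls._tcp.{sip_domain}")
    return srv_target if srv_target else f"sip.{sip_domain}"


# Constructed sample data: host FQDN built from the thread's computer name.
REQUIRED = ["hq-apps2.projecthope.org", "sip.projecthope.org"]
WILDCARD_CERT = CertNames("*.projecthope.org")
SAN_CERT = CertNames("hq-apps2.projecthope.org",
                     ["hq-apps2.projecthope.org", "sip.projecthope.org"])

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        print(label, check_required_names(cert, REQUIRED))
    print(autodiscover_target("projecthope.org", {}))
    print(autodiscover_target(
        "projecthope.org",
        {"_sipinternaltls._tcp.projecthope.org": "hq-apps2.projecthope.org"}))
```

Under the exact-match policy the wildcard cert covers none of the required names, which is the situation the original error reports; the same wildcard only passes when wildcard matching is switched on, and even then never for a name with two labels under the suffix. Whatever autodiscover_target returns is a name that must appear in the certificate's SAN list.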