19 ตุลาคม 2550 22:42
I have OCS 2007 SE running all the parts on 1 server, I was not sure who supported certificates with SAN so I opted to
get a Wildcard Certificate from Godaddy. I need outside people to be able to get to the Livemeeting server and the Communicator. If I change to the Godaddy Cert I get this error.
"The subject name *.projecthope.org of the certificate assigned to process DataMCUSvc(5504) was not found in the trusted server list.
Certificate serial number: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repos
itory, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Certificate issuer name: 416CE4.
Verify that the Subject Name of the certificate presented by the remote peer is configured in the trusted server list"
If I reboot the server with the godaddy cert picked None of the services start and I get this error.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
The Office Communications Server Front-End service terminated with service-specific error 3287185878 (0xC3EE79D6).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.as
I have tried adding the cert to my trusted certs list and adding a godaddy intermediate cert, Nothing has helped.
Will OCS 2007 work with a wildcard cert, does anyone have it running??
23 ตุลาคม 2550 3:53ผู้ดูแล
Search this forum for "wildcard" and you'll find a previous post that indicates that wildcard certificates are not supported.
23 ตุลาคม 2550 15:42
Thanks, Godaddy has a new cert with multiple names I might try. And just to verify I need NAS if I want the Clients to auto login because they look for sip.xxx.com? Otherwise I could just use a normal Cert.
23 ตุลาคม 2550 21:46ผู้ดูแล
SANs should work fine - I've used the Entrust UC cert on a few occasions now (it takes up to 10 names). Just make sure your federation/PIC A record is in the subject - I've seen issues when this is not the case.
On a side note, you only need to worry about sip.domain.com if you're not publishing a SRV record that uses a different record. That's Communicator's fall back if it doesn't find anything else.