Verisign Certificates for External Edge Interface

  • Question

  • I have a quick question surrounding the external Edge Server certificate. I have seen a few posts suggesting using a Verisign certificate for PIC & Federation. However, Microsoft's documentation suggests that only Entrust, DigiCert, and Comodo are the "official" UCC Certificate providers (http://support.microsoft.com/kb/929395/EN-US/). Can you use a Verisign cert for this interface, or does it require one of the providers mentioned in the KB article? Thanks.

    Wednesday, February 13, 2008 4:22 PM

All replies

  • You can use Verisign as long as the certificate you request has the capabilities you need - specifically Subject Alternative Names (if applicable based on your deployment) and Client EKU for AOL.  The other providers have made it easy to get UC-ready certificates, and they tend to be cheaper as well.

    Thursday, February 14, 2008 4:41 PM
    Moderator
  • You can use a Verisign certificate without any problem. Make sure you get a certificate where the subject name is the external AP FQDN and the Enhanced Key Usage field has "Server Authentication" and "Client Authentication".

    Ram K Ojha
    MCSE 2003 (Messaging), MCTS - (LCS 2005, OCS 2007)
    http://www.ocspedia.com
    http://www.ITCentrics.com

    Friday, February 15, 2008 5:09 AM
  • Verisign DOES offer UCC (SAN) certificates, but you must enroll in their managed PKI program.  It's pretty expensive.  Over $3k a year if all you want is the UCC...

    http://www.verisign.com/products-services/security-services/pki/

    Thursday, March 13, 2008 6:55 PM
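
The checks named in the replies above (subject name equal to the external Access Proxy FQDN, both Server and Client Authentication in the Enhanced Key Usage field, and any Subject Alternative Names), as an added PowerShell example that is not part of the original thread. The function name, file path and FQDN are hypothetical placeholders.

```powershell
# Added example: inspect an issued certificate (.cer) before assigning it to the
# external Edge interface. Works for a certificate from any CA.
function Test-EdgeCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,             # exported certificate file
        [Parameter(Mandatory = $true)][string]$AccessProxyFqdn   # external Access Proxy FQDN
    )

    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $Path

    # Subject name: the common name should be the external Access Proxy FQDN.
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # Enhanced Key Usage: collect the OIDs. A certificate with no EKU extension
    # is reported here as lacking both usages.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Subject Alternative Name extension (OID 2.5.29.17). Format() returns text
    # such as "DNS Name=host, DNS Name=host2"; the label wording depends on the
    # Windows display language, so only the part after '=' is kept.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($san) {
        $sanNames = @($san.Format($false) -split ',\s*' |
            ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
    }

    [pscustomobject]@{
        SubjectCN          = $cn
        SubjectMatchesFqdn = ($cn -eq $AccessProxyFqdn)
        FqdnInSan          = ($sanNames -contains $AccessProxyFqdn)
        ServerAuthEku      = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')  # Server Authentication
        ClientAuthEku      = ($ekuOids -contains '1.3.6.1.5.5.7.3.2')  # Client Authentication
        SanNames           = ($sanNames -join '; ')
        Issuer             = $cert.Issuer
        NotAfter           = $cert.NotAfter
    }
}

# Placeholder values; substitute the real file and FQDN for the deployment.
Test-EdgeCertificate -Path 'C:\certs\edge-external.cer' -AccessProxyFqdn 'sip.example.com'
```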