locked
Can we install OCS 2007 R2 with out certificates? RRS feed

  • General discussion

  • Can we install OCS 2007 R2 with out certificates? I did not find any documentation regarding this. Can somebody give me references if there are any?
    Vijay Bhasker Reddy CH.
    Monday, May 4, 2009 6:15 AM

All replies


  • Digital certificates for the respective OCS 2007 R2 server roles are a must to secure server-to-server and server-to-client communications. You can procure certificates using an internal PKI or third party public root CA (Verisign, Entrust, etc.).

    You can read a description of this mandatory requirement here.

    Hope this helps. Please keep us posted. Thanks!

    http://www.leedesmond.com
    Monday, May 4, 2009 9:41 AM
    Moderator
  • Desmon,
    I have the same question as Vijay. The problem is that my customer requires all traffic between servers and clients to flow unencrypted.

    This is easily done between servers and klients, but as Vijay I haven't found any documentation on how to run the server-to-server traffic without encryption. I'm aware that this is not exactly best practise, but as mentioned - a requirement from my customer.

    Any hints or tricks?

    Cheers,
    Martin

    Friday, September 11, 2009 3:17 PM
  • Certificates are a mandatory requirement for server to server communication and client to server communications. 
    Mark King | C/D/H | MCTS:OCS | MCSE: Messaging | MCITP:Enterprise Administrator | CCNA
    Friday, September 11, 2009 5:26 PM

  • IIRC reading somewhere, this may be possible (need to check out again). First, you have to get pass the OCS setup step for certificate deployment. Then again, you risk OCS functions not working properly to unnecessary exposures for unsecured tranmission (signaling, media). Besides, such deployment scenarios are likely to be not supported in production environment.

    Perhaps a look at this recently white paper on certificate deployment for OCS 2007 (RTM/R2 and LCS 2005 SP1) would be useful?

    Please let us know if this helps. Thanks.

    TechNet Forum Moderator - http://www.leedesmond.com
    Friday, September 11, 2009 8:01 PM
    Moderator