locked
Certificate Problem RRS feed

  • Question

  • Hi folks.  Having a real problem with certificates and ocs in my test environment.

     

    All certificates for the edge (internal and external), director and pool servers have been generated by my local CA.   The CA Certificate has been installed as a trusted root authority in the certificate store for the local computer account.  The CA Certificate has also been installed on my workstation.

     

    I am able to log in to the ocs environment both internally (via the pool) and externally (via the access edge), so everything seems fine, but when I attempt to view the certificate configuration for one of the servers, I get errors.

     

    On the edge servers, I bring up the properties for OCS from the computer management MMC, select the Edge Interfaces tab and hit the Configure button for either Internal, access edge or web conferencing.  After a delay of 5-10 seconds, I get an error message stating

     

    "A certificate with a valid certificate chain is required.  please select a new one"

     

    The same occurs if I attempt to view the properties of the director, or either of the 2 enterprise pool servers.

     

    One interesting point.  If I attempt to view the properties for pool server 1 from pool server 2 (and vice versa), I am able to view the certificate information. 

     

     

     

     

    Thursday, March 27, 2008 6:20 AM

All replies

  • Open the MMC -> Certficates -> Local Computer and view your certficate.

    Look if the certificate chain is valid

     

    Friday, March 28, 2008 12:53 PM
  • Sounds like you don't have a valid key pair associated with your certificates.  I recommend using the OCS Certificate Wizard to assist in creating your CSRs and assigning your certificates...makes life much easier.

     

    Rob

    Thursday, April 3, 2008 6:44 AM
  • I had a similar problem when one front end server was signed by CA X, and the secodn front end server was signed by CA Y. Both servers were operational, but i got that error in the MMC snap-in. Once I changed the certificates to use the same CA the error went away.
    Thursday, April 3, 2008 10:17 AM