OCS CWA Certificate wizard gives error regarding the names don't match

  • Question

  • Hi there,

    I'm just about to run an install again for the CWA (Communicator Web Access) install on a single role server using 2007 R2 OCS install and I get an error when selecting the certificate from the properties section of the wizard saying the names don't match. Is this likely to be SAN related or Computer server name related as the name on the certificate seems to add "CWA-servername.domain.local" to the details. Do I need to use the local machine MMC console and set up my own certificate even though the OCS CWA install wizard allows you to select just the one with added letters at the start?
    Wednesday, September 2, 2009 5:57 AM

Answers

  • What certificate are you attempting to select? Have you deployed CWA on the SE Front-End server or on its own dedicated server? The CWA Activation wizard will only accept a certificate for MTLS that uses the server's FQDN in the Subject Name.

    Take a look at this blog article for details on single/multiple certs for CWA: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=75
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, September 2, 2009 1:35 PM
    Moderator

All replies

  • Hi,
    Any update on the issue?
    Jeff gave a good suggestion, try it.
    If there is still any issue, please tell us.

    Regards! 
    Tuesday, September 8, 2009 10:45 AM
    Moderator
  • Hey Jeff,

    It's the MTLS certificate to start with so I can complete the CWA install. That blog is right, for some reason it keeps finding a certificate where the FQDN is different, 4 letters are added with a hyphen, no idea why. Can I run a cert request via the OCS standard server to local CA, then complete the request but using the CWA FQDN, then export it to the correct CWA server? That will give me private key and correct FQDN...

    I've been looking at 2 MS install guides, one using LCSCMD and is confusing, the other is the main guide using the HTTPS://CA-FQDN/certsrv and that isn't much better - why oh why don't they have a proper wizard like the other installs lol.

    Cheers for this

    tony
    Tuesday, September 8, 2009 5:23 PM
  • Tony,

    Take a look at the OCS Certificates White Paper that was recently released: http://go.microsoft.com/fwlink/?LinkId=163083.  This may help explain alternative methods.  Also look at Rick Kingslan's comment on my blog article linked in my original post (he's also the author of the article above) for an unsupported/untested workaround that might help.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, September 9, 2009 1:55 PM
    Moderator
  • Putting the CA root path on the CWA server before doing the install seemed to fix everything, then running the install wizard, a new certificate appeared with the correct FQDN of the CWA server and it all works! Thanks all.
    Thursday, September 10, 2009 8:46 AM
  • Yes, the certificate chain must be trusted by the CWA server, which should typically happen by default when the CWA server is itself a domain-member.  For future reference, this article covers the steps to validate and configure that trust:
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=72
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, September 10, 2009 12:02 PM
    Moderator
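
A check for the two conditions raised in this thread (a Subject Name equal to the server's FQDN, and a certificate chain the CWA server trusts), as an added PowerShell example that is not part of the original thread or of any Microsoft guide. It assumes the candidate certificate sits in the local computer's Personal store and that DNS returns the server's FQDN.

```powershell
# Added example (not from the thread): report, for every certificate in the
# local computer's Personal store, whether its Subject CN equals this server's
# FQDN, whether a private key is present, and whether its chain is trusted.
$x509 = 'System.Security.Cryptography.X509Certificates'

# Assumption: DNS resolves the computer name to its fully qualified name.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Common name taken from the Subject field, not from the SAN extension.
    $cn = $cert.GetNameInfo([Enum]::Parse("$x509.X509NameType" -as [type], 'SimpleName'), $false)

    # Build the chain in machine context so the computer's Trusted Root store
    # is used. Revocation is skipped so the result reflects trust only.
    $chain = New-Object "$x509.X509Chain" -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        SubjectCN     = $cn
        ServerFQDN    = $fqdn
        NameMatches   = ($cn -eq $fqdn)        # -eq is case-insensitive
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = $status                # e.g. UntrustedRoot, PartialChain
        NotAfter      = $cert.NotAfter
        Thumbprint    = $cert.Thumbprint
    }
} | Select-Object SubjectCN, ServerFQDN, NameMatches, HasPrivateKey,
                  ChainTrusted, ChainStatus, NotAfter, Thumbprint |
    Format-List
```

A certificate showing `NameMatches : False` has a Subject CN that differs from the server's FQDN, and `ChainStatus : UntrustedRoot` or `PartialChain` indicates the issuing CA's certificates are missing from the server's trusted stores.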