OCS R2 Self Signed Cert RRS feed

  • Question

  • I have seen mixed answers to this.  Does OCS support and work with Self Signed Certificates?  I have been pushing OCS for IM with a couple companies that have small offices around the US. These are companies that currently run SBS 03, will be moving to SBS 08.

     I THINK OCS would be good for them and they might grow to using the VOIP or app sharing pieces but I know they aren't going to plunk down 1k a year for a certificate, not likely to do 300 a year for that - before I go any further with this, does OCS support self signed certs?
    Monday, April 27, 2009 8:12 PM

All replies

  • NO OCS does not support self signed certs
    But you can deploy a Windows Certificate Service and use that to generate OCS Certs, that is the preferred way to go and also FREE because Certificate services is included in every Windows license
    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Monday, April 27, 2009 8:59 PM
  • I am unable to get my SBS 2003 CA to issue a certificate that ocs can use - this certificate thing on OCS is very tricky and unclear.
    Monday, May 4, 2009 8:51 PM
  • Please use the built-in Certificate wizard in OCS that should help
    Click on the Front-End server and select the Certificates Wizard on the Right
    If your SBS has AD integrated certificate services then it is very easy
    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Monday, May 4, 2009 9:01 PM
  • I'm not sure what's wrong here, but I am not able to create or export/import a certificate.  Previously to setting up OCS on a server I did not have CA installed on the SBS 03, I had a self-signed certificate for owa.  I installed CA on the server, (I'm assuming this was the best place for the CA), from there I tried to create a certificate from the OCS server.
    Tuesday, May 5, 2009 2:28 PM
  • What excact steps are you following?
    Did you read the documentation about certificates?
    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Tuesday, May 5, 2009 3:03 PM
  • I appreciate the help!!

    I have done the steps described in the link you gave.  When I run the steps to create a new certificate, using  the steps given on the technet site, I end up with
    "Certificate Wizard completed with failures", lover in this window the message "An error occured when attempting to process this request."  The wizard does find the CA on the SBS

    I see I missed a step - so maybe I missed more.  I assumed the admin account was automatically made part of the needed RTC... group.   I added the admin acccount logged in to the OSC server machine to the RTCUniversalServerADmins group and the results changed some.

    I still get the failure window - "Certificate Wizard completed with failures" but now I get lower in that window
    "The request was submitted to the Certificate Authority successfully.

    However, the request was denied by the CA administrator.
    Tuesday, May 5, 2009 3:29 PM
  • Chances are that you do not have access with your current account
    You can also try the CERTSRV website on SBS to request a certificate
    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Tuesday, May 5, 2009 5:53 PM
  • I can give the account the credentials needed - that would be good for me to know I guess.  I can't access the certsrv website from this machine, the ocs server machine is  2008:  This is the message from the web page, I'll check the kb article and see what is needed here.  I wish this weren't so complicated  :)

    The certificate enrollment page you are attempting to access cannot be used with this version of Windows. To enable Web certificate enrollment for clients running Windows Vista, your administrator must update all Windows CA Web enrollment pages. To learn more about this issue and the steps needed to update Web enrollment pages to support all versions of Windows, see:

    Tuesday, May 5, 2009 6:07 PM
  • You can copy paste the cert info to the SBS server
    Make sure that you select the certificate to be exportable so that you can move it to the Windows 2008 machine

    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Tuesday, May 5, 2009 11:09 PM
  • Well thanks for your help!  It's pretty bad that I have to drop my OCS project because of a certificate -but I've tried all different ways and still it doesn't work or doesn't import or export.  I've spent a lot of time setting all this up to test and to "sell" to management, been stuck on this for a week.
    Friday, May 8, 2009 6:29 PM