Public certificate for ocs edge server

  • Question

  • Hi,

    Just wondering, do I really need to purchase public CA certificates for the OCS edge server?
    Is it possible to use certificates from an internal CA for a production environment?

    Wednesday, November 26, 2008 4:40 AM

All replies

  • Yes, it is possible to use internal CA certificates. However, any device that wants to connect through your Edge will have to trust your internal CA. In addition, you will not be able to federate with others who do not trust your internal CA. It can be difficult to distribute an internal CA certificate chain to users outside of the domain. This configuration is entirely possible though. Our internal deployment ran with internal certs on the Edge while I waited for approval to buy public certs. This worked fine for laptops on the domain as they received the internal CA chain through group policy. For non-domain users, they will have to manually import the CA certificate through the Certificates MMC module. You will need to import the CA certificate into the Trusted Root Certification Authority certificate store for the local Computer account, not the User.

    Jamie Schwinn
    • Proposed as answer by Thom Foreman Monday, December 15, 2008 9:26 PM
    Wednesday, November 26, 2008 6:25 AM
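
The manual import described in the reply above, scripted for a non-domain machine; this is an added example and not part of Jamie Schwinn's post. The file names and the thumbprint are placeholders, and `Import-Certificate` assumes Windows 8 / Server 2012 or later (on older systems `certutil -addstore Root <file>` performs the same Local Computer import).

```powershell
# Added example: trust an internal root CA in the Local Computer store, then
# confirm the Edge certificate chains to it. Run from an elevated prompt.
param(
    [string]$RootCaFile   = '.\internal-root-ca.cer',   # placeholder: exported internal root CA
    [string]$EdgeCertFile = '.\edge-access.cer',        # placeholder: Edge server certificate
    [string]$ExpectedThumbprint = '<THUMBPRINT-OBTAINED-OUT-OF-BAND>'  # placeholder
)
$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'

# 1. Inspect the file before trusting it: it must be a self-signed root and
#    match the thumbprint the CA administrator gave you over a separate channel.
$root = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $RootCaFile).Path
if ($root.Subject -ne $root.Issuer) {
    throw "Not a self-signed root certificate: $($root.Subject)"
}
if ($root.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '')) {
    throw "Thumbprint mismatch, refusing to import: $($root.Thumbprint)"
}

# 2. Import into Trusted Root Certification Authorities for the Local Computer
#    account (Cert:\LocalMachine\Root), not the per-user store.
Import-Certificate -FilePath $RootCaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
if (-not (Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)")) {
    throw 'Root CA certificate is not present in the Local Computer store.'
}

# 3. Build the Edge certificate's chain in machine context, so the result
#    reflects what services on this computer will see. Revocation checking is
#    left at its default, so an unreachable CRL shows up in the status list.
$edge  = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $EdgeCertFile).Path
$chain = New-Object "$x509.X509Chain" -ArgumentList $true
$trusted = $chain.Build($edge)

'Chain:'
$chain.ChainElements | ForEach-Object { '  ' + $_.Certificate.Subject }
$chain.ChainStatus   | ForEach-Object { "  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }

# 4. The chain must end at the root that was just imported, not at some other
#    trust anchor already on the machine.
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if (-not $trusted) { throw 'Edge certificate chain did not validate.' }
if ($anchor.Thumbprint -ne $root.Thumbprint) {
    throw "Chain ends at an unexpected root: $($anchor.Subject)"
}
'Edge certificate chains to the imported internal root CA.'
```
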
  • I see, thanks mate.
    Wednesday, November 26, 2008 9:00 AM
  • There may be another post for this somewhere, but I thought I would start here. I have created an Internal CA for my test OCS environment. I have run through the installation a few times, but this is the first time I have created the Internal CA.

    The install and CA install seemed to go just fine, but none of the OCS core services will start.  It will try to start them, but after 10 minutes or so, it will fail.  (Front End, Telephony Conferencing, IM Conferencing, etc.)  I cannot start them manually and the OCS setup "Start Services" cannot start them. 

    When I try to start the services manually I get the following error:  "Windows could not start the Office Communications Server Front-End on Local Computer.  For More information review the system event log.  If this is a non-microsoft service, contact the service vendor, and refer to service-specific error code -1007781418."

    I have googled this error and have not come up with much at all.

    Monday, June 8, 2009 2:24 PM