OCS certificate issue

Question
Hi,
I have installed OCS 2007 R2 Standard Edition on a Win 2k8 64-bit system. My internal server FQDN is demo-OCS.contoso.local and the public/external FQDN is onpremise.contoso.net.
Is it a requirement that the certificate 'Common Name' should match the server's internal FQDN [in my case demo-OCS.contoso.local]? If so, then in my case the internal FQDN has a *.local extension. I checked with a few SSL providers and none of them support the *.local extension.
Any suggestion is highly appreciated.
Thanks.
Thursday, August 27, 2009 10:23 PM
All replies
It is recommended to deploy OCS with an enterprise root CA in your environment to avoid issues like this with your internal certificates.
Each server installed in the environment will require an SSL cert to allow for MTLS communications between servers and clients. Public certificates will work; however, it can get expensive.
If you were to deploy an enterprise edition server setup you could get away with having a pool name that differs from the standard edition server name, but since you are deploying standard edition server, the pool name is the server name.
This is a quick link describing the certificate support in OCS 2007 R2: http://technet.microsoft.com/en-us/library/dd425213(office.13).aspx
So in summary, your fix would be either Enterprise Edition, or an internal CA (recommended).
Randy Wintle | MCTS: UC Voice Specialization | WinXnet Inc
Proposed as answer by Randy Wintle -MCM and MVP Thursday, August 27, 2009 11:12 PM
Thursday, August 27, 2009 11:12 PM
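A check that follows from the reply above, added here as an example and not part of the original thread: this PowerShell lists the certificates in the local machine store and reports whether each one names the pool FQDN and chains to a trusted root. `$PoolFqdn` and `Get-CertDnsName` are names made up for this example, and it assumes a Standard Edition server, where the pool name is the server name.

```powershell
# Added example (not from the thread). Assumption: Standard Edition, so the
# pool FQDN is this server's own FQDN; set $PoolFqdn by hand if yours differs.
$PoolFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

function Get-CertDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    # SimpleName returns the subject CN when the subject has one.
    $cn = $Cert.GetNameInfo('SimpleName', $false)
    if ($cn) { $names += $cn }
    # Subject Alternative Name extension, OID 2.5.29.17.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($true) prints one entry per line; "DNS Name=" is the label
        # used on English-language Windows (assumption: English display language).
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    $names
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $names = @(Get-CertDnsName $_)
    New-Object PSObject -Property @{
        Thumbprint    = $_.Thumbprint
        Issuer        = $_.GetNameInfo('SimpleName', $true)
        # -contains compares case-insensitively, as DNS names are.
        CoversPool    = ($names -contains $PoolFqdn)
        HasPrivateKey = $_.HasPrivateKey
        # Verify() builds the chain with default policy: an untrusted root,
        # an expired certificate or a failed revocation check returns $false.
        ChainTrusted  = $_.Verify()
        NotAfter      = $_.NotAfter
    }
} | Sort-Object CoversPool -Descending |
    Format-Table Thumbprint, Issuer, CoversPool, HasPrivateKey, ChainTrusted, NotAfter -AutoSize
```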
Hi Randy,
Thanks for your prompt reply. It makes things more clear now. Quick question on installing Enterprise Edition: do I need to uninstall Standard before installing Enterprise Edition? What other things do I need to take when I am switching between them?
One other quick question: how long does it take to install the Enterprise Edition? I looked at one post
http://www.shudnow.net/2009/01/05/office-communications-server-2007-r2-enterprise-deployment-part-1/ and it seems like a complex installation with many configuration steps.
Thanks.
Thursday, August 27, 2009 11:48 PM
Are you using an Edge Server as well? External modalities like AV, Web Conferencing, and SIP require an edge server (which can be used in conjunction with your Standard Edition deployment). Other services like distribution group expansion and address book download can leverage your internal Standard Edition server with a reverse proxy to perform SSL <-> SSL bridging. In any case, if you need a .local address in a public cert you can use GoDaddy (although there's an additional verification step on their end - you'll need to call them after submitting). I hope that helps.
Luke
Friday, August 28, 2009 5:41 AM
You should NOT remove the SE server first if you want to retain your system/user settings. Simply deploy an additional EE server first, then move current OCS users over to the new pool; then you can remove the SE server.
A single node EE install could take from 1-4 hours depending on how much of the prereqs you have ready to go, like SQL Backend instance, DNS records, networking configuration, etc.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Marked as answer by Desmond Lee (Moderator) Saturday, August 29, 2009 4:54 PM
Friday, August 28, 2009 2:26 PM (Moderator)
Thanks for replying Jeff & Luke.
Jeff, can I install the EE server on the same box where I have SE installed?
Friday, August 28, 2009 6:23 PM
No, they cannot be collocated on the same server for a multitude of reasons.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Friday, August 28, 2009 7:54 PM (Moderator)
Hi Jeff,
Can you point me to any reference to single node EE installation guide?
Thanks.
Monday, August 31, 2009 7:38 PM
You can try Elan Shudnow's comprehensive blog article on deploying OCS Enterprise Edition:
http://www.shudnow.net/2009/01/08/office-communications-server-2007-r2-enterprise-deployment-part-2/
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Monday, August 31, 2009 9:27 PM (Moderator)
You may wish to consult the white paper listed as "OCS 2007 R2 Deploying Certificates" at the Microsoft Office Communications Server 2007 R2 Documentation site here.
Do let us know if this helps. Thanks.
TechNet Forum Moderator - http://www.leedesmond.com
Tuesday, September 1, 2009 12:10 PM (Moderator)