OCS edge server 2007 R2 Cert Configuration


  • I am very confused setting up my OCS edge server to do public IM.
    I have one server hosting public IM, Webcon, and AV.
    I have external DNS im.domain.com for the public interface, conferencing.domain.com for webcon and av.domain.com for AV.
    Remote users can connect without a problem, but federation is not working.
    I am trying to configure an ENTCert and I get confused.
    For the private interface I am using servername.domain.com for SN, and for SAN I'm using sip.domain.com.
    For the access edge server public interface I am using im.domain.com for SN, and this is where I get confused. I want to use sip.domain.com and the server.domain.com, conferencing.domain.com

    Monday, December 21, 2009 3:46 PM

All replies

  • Ideally you should just configure sip.domain.com as your Access Edge external FQDN and then populate the Access Edge certificate SN field with just that field.  Unless you have multiple SIP domains there is no need for a SAN field unless you are attempting to use the same certificate for all external roles, which is not the preferred configuration.

    Take a look at this blog article for more details on the Edge Server certificate requirements: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=79

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, December 21, 2009 6:00 PM
  • OK, some of the blogs I read state to have your web conferencing in your SAN so you don't have to buy another cert just for that.
    No, we do not have multiple SIP domains. Is there a workaround for my current configuration, or do we need to reconfigure?

    Monday, December 21, 2009 6:39 PM
  • Technically the name you selected will work, so we'd need more details on what specifically isn't working and the errors you get in order to figure out what the root cause is.

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, December 21, 2009 6:44 PM
  • TLS handshake failed: Error Code: 0x80131500 Remote disconnected while outgoing tls negotiation was in progress
    [0xC3FC200D] One or more errors were detected
    Attempting to establish SIP dialog: Processing failed as one or more steps did not complete successfully
    Tuesday, December 22, 2009 2:45 PM