Mutual TLS

  • Question

  • I installed a brand new OCS server with a certificate which we purchased from Verisign. Works great, users can connect with their clients in TLS mode. I would like to install CWA on another server and use the same cert. Can this be done, or do I need to purchase another cert?



    Friday, May 16, 2008 3:40 PM

All replies

  • If it is a Standard Edition OCS server and you are going to install CWA on the same server, then yes, you can use the same cert for MTLS and HTTPS on CWA.

    If it is Enterprise edition then you need to have a cert with SAN. Poolname and Server FQDN both should be in the certificate.

    R. Kinker
    MCTS - LCS 2005, MCTS - OCS 2007

    Saturday, May 17, 2008 5:37 PM

    Microsoft doesn't really support co-location of CWA on a front end server.  You should put it on another server (with another certificate).  Use a virtual machine.  You will have better results.  The web components and the CWA website will stomp all over each other.
    Monday, June 16, 2008 7:51 PM

    This is what I am doing, installing CWA on a VM, but I have run into a snag. It's asking me for a mutual TLS cert. I have exported my cert from the OCS server and imported the cert in the CWA server, but still no go.


    Does anybody have an idea how to get both to work together?

    Friday, October 10, 2008 7:11 PM
  • You won't be able to use the same certificate because the servers have different names and FQDNs.
    You'll need to either deploy a Windows internal CA and request a certificate from that or generate a CSR and request a certificate for your CWA server from Verisign.

    FQDNs and certificate subject names must match up everywhere within your entire OCS environment otherwise nothing will work. There's no "ignore certificate errors" button when it comes to MTLS or MOC/LM.
    Friday, October 17, 2008 1:47 PM
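
The name-matching requirement from the last reply can be checked before pointing a server role at a certificate. The script below is an added example, not part of the original thread or any Microsoft tooling: it lists each certificate in the local machine store and reports which required FQDNs its subject CN and SAN entries do not cover. The pool name in the usage comment is a placeholder, and the SAN parsing assumes an English-locale system.

```powershell
# Added example. Run on the server that will present the certificate.
# Usage (placeholder pool name): .\Test-CertNames.ps1 -RequiredNames cwa01.contoso.example,pool01.contoso.example
param(
    # Defaults to this machine's FQDN as resolved by DNS
    [string[]]$RequiredNames = @([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)
)

function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    # Subject common name
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Cert.GetNameInfo($nameType, $false)
    if ($cn) { $names += $cn }
    # Subject Alternative Name extension (OID 2.5.29.17)
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() output is localized; 'DNS Name=' is the English rendering (assumption)
        foreach ($m in [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)')) {
            $names += $m.Groups[1].Value
        }
    }
    $names | ForEach-Object { $_.ToLowerInvariant() } | Select-Object -Unique
}

$required = @($RequiredNames | ForEach-Object { $_.ToLowerInvariant() })

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert    = $_
    $have    = @(Get-CertDnsNames $cert)
    # Exact match only; wildcard entries are reported as not covering a name
    $missing = @($required | Where-Object { $have -notcontains $_ })
    $expired = $cert.NotAfter -lt (Get-Date)
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Names         = $have -join ', '
        MissingNames  = $missing -join ', '
        HasPrivateKey = $cert.HasPrivateKey
        Expired       = $expired
        # Candidate only if every required name is present, the key is here, and it is in date
        Candidate     = ($missing.Count -eq 0) -and $cert.HasPrivateKey -and (-not $expired)
    }
} | Format-List
```

A certificate imported from another server will typically show that server's FQDN under Names and the local FQDN under MissingNames, which is the mismatch described above.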