Certificate Question

  • Question

  • Regarding certificates, here is my query.

    1. My pool name is CompanyOCS.corp.local
    2. My server name (only one currently) is OCSFE1.corp.local
    3. The SIP name I currently use is kinfisher.company.com
    4. The SIP name I would like to use is sip.company.com for all internal and external users.

    My thought is I would need to create a DNS entry + SRV record, as you pointed out, for sip.company.com.
    - And the certificate I would need would have the Subject Name: CompanyOCS.corp.local
    - And have the following subject alternative names:
    - sip.company.com
    - CompanyOCS.corp.local
    - OCSFE1.corp.local
    - OCSFE2.corpl.local

    Am I thinking correctly? Can I get this kind of a certificate (with corp.local) from godaddy?

    Any insight will be appreciated.

    Thanks!
    Friday, April 17, 2009 4:37 PM

Answers

  • Hi Jeff -

    Thanks for the insight. We don't want to deal with using an internal Enterprise CA and godaddy.com is cheap :)

    We have a split DNS scenario where we host company.com internally and externally and also corp.local.

    I didn't think I could get a cert for corp.local, which means I would need to have my users connect to companyocs.company.com (instead of companyocs.corp.local). This is doable, I am sure, since I have a similar setup for my LCS Std Edition environment.

    At this point I don't even know why I need the following SAN names on the cert... any thoughts? (I know I need CompanyOCS.company.com)
    - CompanyOCS.corp.local
    - OCSFE1.corp.local
    - OCSFE2.corpl.local

    Thanks!
    Jay
    Think this blog answers my question: http://blogs.technet.com/mcs-ireland-infrastructure/archive/2008/06/18/ocs-2007-enterprise-edition-certificate-dns-requirements.aspx
    • Marked as answer by ZPoint2010 Wednesday, June 24, 2009 3:34 PM
    Friday, April 17, 2009 7:57 PM

All replies

  • Typically you should just use an internal Enterprise CA to issue those certificates; have you looked at that scenario yet or are you choosing third-party certs internally for a specific reason?

    Also, normally the internal servername would be the pool name and the external name would be sip.  So in your example the Front-End certificate would have an SN of CompanyOCS.corp.local while the Access Edge certificate would use sip.company.com.  The external (Access Edge external interface) certificate is usually from a third-party (like GoDaddy).
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, April 17, 2009 5:28 PM
    Moderator
  • Hi Jeff -

    Thanks for the insight. We don't want to deal with using an internal Enterprise CA and godaddy.com is cheap :)

    We have a split DNS scenario where we host company.com internally and externally and also corp.local.

    I didn't think I could get a cert for corp.local, which means I would need to have my users connect to companyocs.company.com (instead of companyocs.corp.local). This is doable, I am sure, since I have a similar setup for my LCS Std Edition environment.

    At this point I don't even know why I need the following SAN names on the cert... any thoughts? (I know I need CompanyOCS.company.com)
    - CompanyOCS.corp.local
    - OCSFE1.corp.local
    - OCSFE2.corpl.local

    Thanks!
    Jay
    Friday, April 17, 2009 6:37 PM