locked
GoDaddy.com UCC not working ... any ideas? RRS feed

  • Question

  • I purchased a credit at GoDaddy.
    I setup OCS 2007.
    Created a Cert Req file using wizard.
    Uploaded to GoDaddy to then get my cert.
    GoDaddy denies the request, stating:
    "Requests cannot contain duplicate subject alt names or a subject alt name that is the same as your primary common name."

    Upon further inspection, the certreq tool DOES duplicate the common name (subject name) value in another Alt Name field.

    On the DigiCert site I found this:
    " If an SSL certificate has a Subject Alternative Name (SAN) field, then SSL clients are supposed to ignore the common name value and seek a match in the SAN list. This is why DigiCert always repeats the common name as the first SAN in our certificates."

    GoDaddy appears to be completely wrong in denying my request ... anyone else experience this?

    What cert provider are you using?

    Also, I wanted to only use 2 hosts in my cert: *.<internal domain.local> and *.<external domain.com> ... any issues with this?

    Thank you.

    UPDATE!!!: I called GoDaddy and they do NOT support OCS 2007 UCC certs.  Their UCC certs will only work with Exchange!!!!!
    Bottom line: Godaddy does not support OCS 2007 at this time.Godaddy.com UCC certs are supposed to work.


    Monday, March 17, 2008 5:06 PM

All replies

  •  

    The host within the cert (internal domain.local> and *.<external domain.com>).  I am assuming one is for internal access and the other for external access (Internet).  You cannot use the same certificate for the Edge and Internal servers.  Start there first..

     

    We had clients run into this problem with there Exchange 07 environments.  They to had GoDaddy certificates, but the problem seemed to stem from how their certificates were configured (Root/Intermediate/).  At the time they ran into this issue GoDaddy was not on Microsoft list of supported Unified Communications Cert Providers.  Now, looking at the partnered list of CAs, it appears as though they have made it onto the list.  Reference to the list is in the following paragraph.  Normally if you make it on this list then Subject Alternative Names are supported (They were not with GoDaddy prior), so you may want to eliminate using the wildcard which is most likely causing the problem. 

     

    For a list of public certificate authorities that provide certificates that meet specific requirements for Unified Communications certificates and have partnered with Microsoft to ensure they work with the Office Communications Server Certificate Wizard, see the Microsoft Web site at http://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=SupportedCAs 

     

    Friday, March 21, 2008 5:33 PM
  • GoDaddy does support OCS certificates now. When using the Edge Deployment Wizard to generate your certificate requests, do not add the other SANs. Just sip.domain.com. Once you input your CSR into godaddys wizard, it will ask for the additional SANs to put on the certificate.

     

    Tuesday, April 15, 2008 7:29 PM
  • I don't see how that post is constructive in any way.

     

    And we'll pretend not to notice the irony in your signature misspelling.

    Saturday, September 6, 2008 2:32 AM
    Moderator