OCS 2007 Certificate issues RRS feed

  • Question


    I am having a problem installing OCS 2007 Standard Edition with the certificate.

    My internal domain name is different to my external domain name.

    Internal: cont.ad

    External: contosore.com

    I am deploying this version in only one server. When I create the pool I do not have a choice to change the name of the pool.

    Now, if I create a certificate to be installed in IIS named servername.cont.ad (Internal domain) when I install Office Communicator on the client PC I received an error with the certificate and all the features for web conferencing, web commponent are OK. If I create a certificate named servername.contosore.com (External domain) then I do not have the error with the certificate but the web component and web confrenecing cannot be accessed.


    Please, I am new installing OCS. How can I configure OCS 2007 to work properly.




    Thursday, April 17, 2008 5:28 PM

All replies

  • am having the same problem has anyone seen experienced this? please profer a solution



    Thursday, June 5, 2008 3:50 PM
  • Using seperate internal and external namespaces is very common (typically recommended in fact) and just requires a little planning in order to get everything setup correctly.


    Are you using both domains as configured SIP domains, or only the internal domain name?  I would recommend going back through the deployment guides are verifying that you configured each step correctly in relation to certificate Subject Name and SANs, DNS SRV records, pool name, etc.





    Thursday, June 5, 2008 4:16 PM
  • Also, take a look at this article for some detailed steps on configuring OCS with split DNS zones.



    Thursday, June 5, 2008 4:21 PM
  • Hello Elvys,


    We need to have SAN (Subject Alt name on the certificate) to make this setup to work.


    On the certificate-- name of the certificate should be your pool name . Like Servername.internaldomain.com and SAN will have 2 names, servername.internaldomain.com and servername.externaldomain.com. once you have this on the

    certificate all the OCS services should start.


    Enable Subject Alternative Names for the CA:
    certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
    net stop certsvc
    net start certsvc





    Tuesday, June 10, 2008 6:04 PM
  • Using the certificate wizard in OCS is recommended, which already handles populating the SAN field.  By default the configured SIP domain names are entered here.
    Tuesday, June 10, 2008 8:56 PM