Communicator Web Access Install using external CA RRS feed

  • Question


    Deploying CWA with internal access only (in fact aiming to use it for Blackberry client). However cannot install due to a certificate problem, I'm receiving the error 'The subject name of the certificate you selected does not match the current machine's FQDN'


    We do not have any internal CA, so were looking to use an external (public) CA for both the MTLS and SSL certificate. As CWA does not have the OCS server componenets installed the certificate request was generated suing the IIS certificate generation wizard.


    So my questions are:-


    1) Is it possible to use the same external certificate for both the MTLS and SSL functions? Or do I need to generate 2 separate requests and purchase 2 separate certificates? If this is the case how do I generate the MTLS request - the CWA install instructions only cover requesting it from an internal CA.


    2) If it is possible to use the same certificate what format should the issued to name and friendly name be? I'm assuming they should be servername.company.com (for Issued to) and Default Web Site (for friendly name). My existing certificate shows as poolname.company.com (for Issued to) and server Netbios name (for friendly name).


    Any help appreciated, the CWA installation instructions definitely seem to assume you have internal CA's.



    Wednesday, September 3, 2008 3:57 PM

All replies

  • Whether you are using an internal or third-party CA, the configuration would be the same.  The IIS-attached certificate would need to have the Subject Name match the configured FQDN for the CWA website, while the MTLS certificate needs the Subject Name to be set to the local server's FQDN.


    If you use the same FQDN for the local server and the CWA website, then a single certificate could be used.  I haven't tried using SANs in this configuration though; if I get a chance I'll try to reconfigure CWA in my lab and see what works/fails.

    Wednesday, September 3, 2008 11:02 PM