UCC certificates on Edge server

  • Question

  • I'm trying to install a UCC certificate for the public interfaces of my edge server. I'm using the typical names: sip.domain.com for the access edge, webconf.domain.com for web conferencing and av.domain.com for A/V.

    I can generate and install the certificate no problem, but when I apply it, all the public interfaces' hostnames revert to the subject name of the certificate. I found another thread discussing this same issue, but it wasn't clear whether this is intended behavior or not. I thought OCS was capable of handling UCC certificates. Is there a way around this or will I have to get single certificates for every interface?

    Thanks.
    Tuesday, October 20, 2009 7:34 PM

All replies

  • While it is not necessarily the recommended configuration due to that issue, it definitely does work. The most important rule to follow is the SN of the certificate should equal the FQDN of the access edge.


    Mark King | C/D/H | MCTS:OCS | MCSE: Messaging | MCITP:Enterprise Administrator | CCNA
    Tuesday, October 20, 2009 8:03 PM
  • Thanks for the reply. So, if I understand this correctly, as long as the SN of the certificate matches the public FQDN of the access interface (sip.domain.com in my case) it will work OK. I'm going to use LiveMeeting as well and in my public DNS records I have webconf.domain.com and av.domain.com pointing to the respective interfaces on the edge server. Will it work even if the AV and Webconf FQDNs on the server change to sip.domain.com instead of webconf.domain.com and av.domain?
    Wednesday, October 21, 2009 12:54 PM
  • Assuming your UCC cert also contains the names webconf.domain.com and av.domain.com in the SAN fields, it doesn't matter what the GUI shows on the edge interfaces once you select the cert; it matters what you put in as the FQDN of the edge interfaces during the Configure Edge Server Wizard.


    Mark King | C/D/H | MCTS:OCS | MCSE: Messaging | MCITP:Enterprise Administrator | CCNA
    Wednesday, October 21, 2009 1:28 PM
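
Added example, not part of the original thread and not OCS tooling: a PowerShell check of the two rules given in the replies above, that the certificate's subject name equals the access edge FQDN and that the other edge FQDNs appear in the SAN field. `Test-EdgeUccCertificate` and `New-SampleCert` are hypothetical helper names; the sample certificates are constructed in memory and assume .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example: both functions are hypothetical helpers, not OCS cmdlets.
function Test-EdgeUccCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$AccessEdgeFqdn,
        [Parameter(Mandatory)][string[]]$OtherEdgeFqdns
    )
    # Subject common name (the "SN" in the thread).
    $cn = $Certificate.GetNameInfo('SimpleName', $false)
    # Subject Alternative Name extension, OID 2.5.29.17.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san = @()
    if ($ext) {
        # Assumption: entries are rendered as "DNS Name=<fqdn>" (English Windows)
        # or "DNS:<fqdn>" (PowerShell 7 on other platforms); other locales differ.
        $san = @($ext.Format($true) -split '\r?\n|,\s*' | ForEach-Object {
            if ($_ -match '^\s*DNS(?: Name)?[=:]\s*(\S+)') { $Matches[1] }
        })
    }
    # String comparisons in PowerShell are case-insensitive, as DNS names are.
    $missing = @($OtherEdgeFqdns | Where-Object { $san -notcontains $_ })
    [pscustomobject]@{
        SubjectCN                = $cn
        SubjectMatchesAccessEdge = ($cn -eq $AccessEdgeFqdn)
        MissingFromSan           = $missing
        Passes                   = ($cn -eq $AccessEdgeFqdn) -and ($missing.Count -eq 0)
    }
}

# Constructed sample input: short-lived self-signed certificates held in memory only.
function New-SampleCert([string]$Cn, [string[]]$San) {
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        "CN=$Cn", $rsa,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $builder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
    $San | ForEach-Object { $builder.AddDnsName($_) }
    $req.CertificateExtensions.Add($builder.Build($false))
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

# First cert follows both rules; second has the wrong subject and no av name.
$good = New-SampleCert 'sip.domain.com' @('sip.domain.com', 'webconf.domain.com', 'av.domain.com')
$bad  = New-SampleCert 'webconf.domain.com' @('webconf.domain.com', 'sip.domain.com')
foreach ($cert in $good, $bad) {
    Test-EdgeUccCertificate -Certificate $cert -AccessEdgeFqdn 'sip.domain.com' `
        -OtherEdgeFqdns 'webconf.domain.com', 'av.domain.com'
}
```

To check an installed certificate instead of the samples, pass an object returned by `Get-ChildItem Cert:\LocalMachine\My` as `-Certificate`.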