Certificate Error OC 2007

  • Question

  • Hi

    I have configured OCS 2007 and it is working properly. I have set up a client and resolved the ABS sync issues.

    I have connected 1 client and it works perfectly....

    However, I have installed another client on a separate PC but I get a certificate error and I am unable to connect

    (there was a problem verifying the certificate from the server. Contact system admin).

    I have an Internal Enterprise CA that issues certificates...

    I have not installed the certificate/CA on the PC that I have client software up and running on...

    Any ideas???

    Thanks in advance

     

    Jeff Kelly

    Friday, March 14, 2008 2:59 AM

Answers

  • Hi,

    I worked it out... a few issues

    first

    _sipinternaltls._tcp.yourdomain.com SRV DNS records

    second, this also fixes autoconfiguration

    the login name has to be in the same SIP domain

    pool = coms.company.net.au

    user@branch.com.au won't work, wrong SIP domain

    user@company.net.au correct SIP domain

    and last but not least you have to use the certificate wizard to create a certreq; when you have processed the request go to your CA (internal) and export the certificate and import it to IIS where the front end server is for the address book

    I used the wildcard with the certificate and it works fine internally (I have not tested externally but I am expecting errors so I know I will have to purchase a UCC for Exchange/OCS 2007)

    *.company.net.au

    I hope this is useful to someone :)

     

    Jeff Kelly

    Thursday, March 20, 2008 2:20 PM
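
The three checks from the answer above, as an added example that is not part of the original post: it derives the SRV record name from a sign-in address, tests whether the pool FQDN lies in that SIP domain, and tests whether a certificate name covers the pool. The function names are hypothetical, the hostnames are the answer's placeholders, and the wildcard rule is the standard one-label TLS hostname match, assumed here rather than taken from OCS documentation.

```python
# Added example; sample names are the placeholders used in the answer.

def sip_domain(sign_in: str) -> str:
    """Domain part of a sign-in address such as user@company.net.au."""
    return sign_in.rsplit("@", 1)[1].lower().rstrip(".")

def srv_name(sign_in: str) -> str:
    """Internal TLS SRV record name for the sign-in address's SIP domain."""
    return "_sipinternaltls._tcp." + sip_domain(sign_in)

def in_sip_domain(sign_in: str, pool_fqdn: str) -> bool:
    """True when the pool FQDN sits directly under the sign-in's SIP domain."""
    return pool_fqdn.lower().rstrip(".").endswith("." + sip_domain(sign_in))

def cert_covers(cert_name: str, host: str) -> bool:
    """Hostname match where '*' stands for exactly one leftmost label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False  # a wildcard never spans more or fewer labels
    if c[0] == "*":
        return len(c) > 2 and h[0] != "" and c[1:] == h[1:]
    return c == h

def check(sign_in: str, pool_fqdn: str, cert_names: list) -> dict:
    """Run all three checks and return the findings."""
    return {
        "srv_record": srv_name(sign_in),
        "same_sip_domain": in_sip_domain(sign_in, pool_fqdn),
        "cert_matches_pool": any(cert_covers(n, pool_fqdn) for n in cert_names),
    }

if __name__ == "__main__":
    pool = "coms.company.net.au"      # pool FQDN from the answer
    names = ["*.company.net.au"]      # wildcard name from the answer
    for user in ("user@company.net.au", "user@branch.com.au"):
        print(user, check(user, pool, names))
    # Constructed case: a host two labels deep is not covered by the wildcard.
    print(cert_covers("*.company.net.au", "sip.branch.company.net.au"))
```

The `user@branch.com.au` case fails the SIP domain check even though the certificate matches the pool, which is why the certificate alone did not fix sign-in for that address.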

All replies

  • Hi there,

     

    Your PC with the client software needs the certificate to establish the encrypted connection to the internal server. Without this certificate you'll only be able to connect via TCP. If you don't want to install the (root/OCS) certificate on every client PC you need to buy a certificate from a public certification authority like VeriSign or GoDaddy. These certificates are accepted by most of the clients. You can check which certificates your client will accept in IE under Extras > Internet Options > Content > Certificates > Trusted Root Certification Authorities.

     

    Ronald

    Friday, March 14, 2008 1:44 PM
  • Cool to see you are giving the answer to your own question. Install the certificate and certificate chain and you will be able to connect even with TLS (5061). Check my weblog if you want for more information.

    -Joachim Farla

     

    Sunday, March 16, 2008 10:15 PM