locked
problem verifying the certificate RRS feed

  • Question

  • Hi,

    I am having a problem with oc 2007 connecting to the ocs 2007 server for pcs that are not members of the Active Directory domain. Everything works fine for clients on the domain, but for clients that are not members of the domain I get the following error "there was a probelm verifying the certificate from the server.please contact your system administrator"

    Anybody any ideas

     

    much appreciated

    Patrick

    Monday, July 23, 2007 2:45 PM

Answers

  • It sounds like you've generated the certificates from an Enterprise CA, in which case the certificates are automatically trusted by domain-joined clients.  You will need to install the root certificate on clients that are not domain joined.  To do so, browse to the /certsrv web site on your certificate server (if it's running IIS) and click "Download a CA certificate, certificate chain, or CRL" and then "install this CA certificate chain" (at the top of the page).

    If it's not running IIS you can export the root certificate from the CA MMC (properties of the CA) and import it manually onto each machine.
    Monday, July 23, 2007 6:52 PM
    Moderator

All replies

  • Patrick,

     

    Try loooking into the client's application log. The actual error may be there, and it may be more informative than that one.

     

    Thank you.

     

    Monday, July 23, 2007 5:37 PM
  • It sounds like you've generated the certificates from an Enterprise CA, in which case the certificates are automatically trusted by domain-joined clients.  You will need to install the root certificate on clients that are not domain joined.  To do so, browse to the /certsrv web site on your certificate server (if it's running IIS) and click "Download a CA certificate, certificate chain, or CRL" and then "install this CA certificate chain" (at the top of the page).

    If it's not running IIS you can export the root certificate from the CA MMC (properties of the CA) and import it manually onto each machine.
    Monday, July 23, 2007 6:52 PM
    Moderator
  • Mike you are awesome....   you dont how happy i am in installing the OCS server and able to login using a test user...

     

    This simple mistake made re-install the server... thank you again...

     

    +Ravishankar

     

    Thursday, November 13, 2008 10:06 PM
  • Just wanted to say the solution worked for me also.  I exported the Root CA cert and installed it on the client machine The client machine is no longer receiving the error and able to connect to the communications server.
    Monday, September 21, 2009 6:21 PM
  • Maybe this information can help:
    "This is caused by the certificate on the server not matching the host name you are trying to connect to. Typically this is because the _sipinternaltls SRV record in DNS is pointing to a physical OCS server instead of the pool name and the certificate on the server is (rightfully) issued for the pool name."
    http://blogs.technet.com/kpalmvig/archive/2009/01/07/troubleshoot-office-communicator-problem-verifying-certificate.aspx

    Wednesday, December 16, 2009 2:02 PM