How to install a public certificate on an internal OCS 2007 Standard server, and what FQDN names to choose.

  • Question

  • Hi there,

    I'm currently in the process of configuring my 3rd OCS 2007 Standard server in a VMware ESX 3.5 environment.

    The server will be used for internal and demonstration purposes, through VPN connections only at this point. In a couple of months we will try to add an Edge Server for external communication possibilities.

    We are not allowed to install an internal certificate server, which makes this a challenge. Now, the FQDN of this server is ocs01.domain.local. The SIP domains are: sip.domain.local, and domain.local. I wish to register a COMODO certificate for this server, which is on the Microsoft supported SSL certificates list.

    The problem is: I cannot register a COMODO certificate with internal names. I need a public FQDN to register a COMODO certificate as a Subject Name. But when I choose, for example, the Subject Name ocs.publicdomain.com and import it into my server, I cannot start the OCS 2007 services. I get these errors:

    [0xC3EC79E6] Service failed to start as requested.

    Also, in the event log I read errors about the certificate: the public domain name (Subject Name) is not in the trusted servers list.

    What am I doing wrong here? And what should be the right procedure to follow in my case?

    Thanks a lot in advance.

    Wednesday, September 10, 2008 9:11 AM

All replies


    Your certificate MUST include a Subject Alternate Name (SAN) with the actual FQDN of your server.  If the certificate doesn't include the actual host name then you will continue to see the error you mentioned.  There is not a workaround for this.
    Wednesday, September 10, 2008 9:29 PM
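
The requirement in the reply can be checked before a certificate is assigned to the server. The PowerShell below is an added example, not part of the original thread: it lists every certificate in the local machine store with the host names found in its subject and SAN, and reports whether the server FQDN is among them. Assumptions: `ocs01.domain.local` is the FQDN from the question, the function name is illustrative, and the machine runs an English-language Windows, where the SAN extension formats its entries as `DNS Name=...`.

```powershell
# Added example: check whether certificates in the machine store cover a host name.
# $ServerFqdn defaults to the FQDN from the question; replace it with your own.
param(
    [string]$ServerFqdn = 'ocs01.domain.local',
    [string]$StorePath  = 'Cert:\LocalMachine\My'
)

# Illustrative helper: collect the subject simple name and all SAN dNSName entries.
function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $names = @()

    # Simple name of the subject (normally the CN).
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Cert.GetNameInfo($nameType, $false)
    if ($cn) { $names += $cn }

    # Subject Alternative Name extension, OID 2.5.29.17.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($true) returns one entry per line on Windows.
        # Assumption: English locale, so DNS entries read "DNS Name=<host>".
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }

    $names | Select-Object -Unique
}

Get-ChildItem $StorePath | ForEach-Object {
    $dns = @(Get-CertDnsNames $_)
    New-Object PSObject -Property @{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        DnsNames   = $dns -join ', '
        # Exact, case-insensitive match only; wildcard names are not expanded.
        CoversHost = ($dns -contains $ServerFqdn)
    }
} | Format-List Subject, Thumbprint, DnsNames, CoversHost
```

A certificate issued only for `ocs.publicdomain.com` shows `CoversHost : False` for `ocs01.domain.local`, which is the mismatch described in the question.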