Wildcard Certificate Support on A\V Conferencing Server

  • Question

  • Hi There,

     

    Could anyone shed some light on whether wildcard certificates, i.e. *.us.contoso.com, are supported on OCS 2007 (SE) deployments? We're running into issues starting services after moving from our Enterprise Microsoft CA to a Wildcard Public CA.

     

    SANs have been specified in the Wildcard Certificate, i.e.:

     

    SN: *.us.contoso.com

    SAN: *.us.contoso.com, us.contoso.com, hostname.us.contoso.com, etc,

     

    After adding the server name *.us.contoso.com to the trusted servers list using the OCSTrustEntry.vbs tool in the OCS 2007 Resource Kit, all services start, apart from the A/V Conferencing Service.

     

    One of the 2 errors is below. Is there any way round this issue, or do we absolutely require the SN to match the FQDN of the server or pool?

     

    Thanks, Alan Vink

     

    Error 1 in Event log is:

     

    Event Type: Error
    Event Source: OCS MCU Infrastructure
    Event Category: (1022)
    Event ID: 61031
    Date:  23/08/2007
    Time:  10:20:46 AM
    User:  N/A
    Computer: HOSTNAME
    Description:
    Failed to start service for the following reasons The selected certificate could not be found or the subject of the certificate does not match the FQDN of the server or pool.

     

    Error 2 in the Event log is:

     

    Event Type: Error
    Event Source: OCS Audio-Video Conferencing Server
    Event Category: (1017)
    Event ID: 32022
    Date:  23/08/2007
    Time:  10:20:46 AM
    User:  N/A
    Computer: HOSTNAME
    Description:
    An invalid certificate was selected for TLS connections.

    Issuer: XXXX

    Cause: The selected certificate could not be found or the subject name of the certificate does not match the FQDN of the server or pool.
    Resolution:
    Use MMC to select the correct certificate.

    Thursday, August 23, 2007 12:27 AM
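
The mismatch the two events describe, as an added example that is not part of the original post and is not OCS code: it assumes the service compares the certificate subject literally with the server or pool FQDN, as the event text states, and contrasts that with SAN and wildcard matching. The certificate names are the ones given in the post; `pool.us.contoso.com` and `a.b.us.contoso.com` are hypothetical test names.

```python
def _labels(name: str) -> list:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def wildcard_match(pattern: str, fqdn: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire left-most
    label and stands for exactly one label."""
    p, f = _labels(pattern), _labels(fqdn)
    if len(p) != len(f):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as '*.com'.
        return len(p) > 2 and p[1:] == f[1:]
    return p == f


def subject_matches(subject_cn: str, fqdn: str) -> bool:
    """Strict check (assumed model of the event text): the subject name
    must equal the server or pool FQDN; a wildcard is not expanded."""
    return _labels(subject_cn) == _labels(fqdn)


def san_matches(sans: list, fqdn: str) -> bool:
    """True if any SAN entry covers the FQDN, wildcards included."""
    return any(wildcard_match(s, fqdn) for s in sans)


def diagnose(subject_cn: str, sans: list, fqdn: str) -> dict:
    """Report both checks so the gap between them is visible."""
    return {
        "fqdn": fqdn,
        "subject_exact": subject_matches(subject_cn, fqdn),
        "san_or_wildcard": san_matches(sans, fqdn),
    }


# Certificate names as listed in the post (the "etc," entries are unknown).
SUBJECT_CN = "*.us.contoso.com"
SANS = ["*.us.contoso.com", "us.contoso.com", "hostname.us.contoso.com"]

if __name__ == "__main__":
    # pool.us.contoso.com and a.b.us.contoso.com are hypothetical names.
    for name in ("hostname.us.contoso.com", "pool.us.contoso.com",
                 "a.b.us.contoso.com"):
        print(diagnose(SUBJECT_CN, SANS, name))
```

Under that assumption, a certificate whose subject is the wildcard fails the strict check for every real host name, even though a TLS client doing SAN matching would accept it.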

All replies