locked
Tanjay CA config (Again!) RRS feed

  • Question

  •  

    Hello!

     

    I am trying to connect my tanjay device through my edge server. I have all the necessary DNS entries (MOC works fine) to connect but I need to be able to install my root CA certificate. I cannot access my AD as I am a remote user so I cannot get the root cert from AD.

     

    Has anyone any ideas how I can do this? I have the root CA cert as a .cer file but the USB slot on the back doesn't seem to recognise any USB sticks.

     

    Thanks for your help!

     

    Brian.

    Wednesday, March 12, 2008 2:13 PM

All replies

  • You must use a Public Certificate on the EDGE server.

    No need to download the internal Root CA Certificate.

     

    Johan

     

    Thursday, March 13, 2008 10:01 PM
  •  

    Dear Johan,

     

    I am also experiecing problems with a Tanjay we have as a test device from Microsoft Belux.  I can see that the Tanjay can connect to OCS, but when checking the certificate, it doesn't seem to find our RootCA. 

     

    I found the blog of Jens Rasmussen:

     

    http://blogs.technet.com/jenstr/archive/2007/11/17/how-to-make-the-root-ca-certificate-available-for-office-communicator-2007-phone-edition.aspx

     

    I checked both settings he mentions in AD, and they seem to be present, but the Phone is not logging in.  Could you help me out?

     

    Thanks,

    Best Regards

    Wim

     

    Friday, March 14, 2008 2:39 PM
  • If you are using the device inside your company then you also must configure your NTP time source

     

    The device needs to have NTP access (port 123/UDP) to time.windows.com or to an internal NTP server. The internal NTP server is located by looking for the _ntp SRV record in the SIP URI domain. The SRV record should point to your NTP server.

     

    Johan

    Friday, March 14, 2008 11:57 PM
  • Dear Johan,

     

    Thanks for your suggestion, but the Tanjay did have access to the microsoft NTP server.  I could see it got the correct time. 

     

    The good news is that the device suddenly works.  I did not change anything in our Active Directory or config, but yesterday I booted the Tanjay WITHOUT the network cable attached.  I got the error that no network was available, plugged in the cable, and signed in again.   Then suddenly the Tanjay did find the certificate OR was in any case able to sign me in.  Very weird.  Maybe it is a bug in the firmware or something, I really do not understand it.

     

    So, maybe this can be a hint for other users that experience CA issues:  let it boot without a cable.  I will check monday if I can find more on the issue.

     

    Thanks,

    Best Regards

     

    Wim

    Sunday, March 16, 2008 10:42 AM
  • OK, I found a post from someone who described connecting to a file share from the Tanjay and copying the CA root certificate onto the device.

     

    This worked fine which is good.

     

    Thanks for your suggestions!

    Tuesday, March 18, 2008 8:39 AM
  • Please note that you cannot do that in RTM version of the Tanjay.

    You are able to exit the communicator interface in previous versions but not in RTM

     

    So this should not be your permanent solution

     

    Tuesday, March 18, 2008 11:07 AM
  • Great, thanks for this information. Presumably then, the only way to get the CA root cert onto the device is via AD?

    Tuesday, March 18, 2008 11:12 AM
  • You have actually 2 options to put the Cert on the device

    Ad and Webserver

     

    There is a great post explaining it here:

    http://blogs.technet.com/jenstr/archive/2007/11/17/how-to-make-the-root-ca-certificate-available-for-office-communicator-2007-phone-edition.aspx

     

     

    Tuesday, March 18, 2008 11:33 AM