error verifying the certificate

  • Question

  • I've installed OCS Communications Server 2007 Standard (EVAL).  The setup finished correctly, including the server test.
    I've installed Office Communicator 2007 on two clients and both of them have a certificate error when I try to sign in: "Communicator could not connect securely to server urm.areatres.org because the certificate presented by the server was not trusted due to validation error 0x80ee0065.  The issuing certificate authority (CA) for the server's certificate may not be locally trusted by the client, the certificate may be revoked, or the certificate may have expired."
    I've tried many things: the CA certificate is on the local PC, also the server certificate, etc.
    Any ideas what else I can do?
    Thanks,
    Antonio
    Monday, November 12, 2007 11:41 AM

Answers

  • It seems that Office Communicator and/or OCS needs the "Revocation Lists" of the CA, not only the root and intermediate certificate.  After I installed the ".CLR" file all is running ok.
    Very important, because CACert is the only free CA I know.
    Antonio
    Monday, November 26, 2007 4:25 PM
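
One way to confirm the diagnosis in the answer above on a client machine, as an added example that is not part of the original thread: it prints the certificate's CRL distribution points and builds the chain with .NET's `X509Chain` under each revocation mode. The file path `.\server.cer` and the function name `Test-Chain` are hypothetical; the path stands for the exported server certificate.

```powershell
# Added example. $CertPath is a hypothetical path to the exported server certificate.
param([string]$CertPath = '.\server.cer')

$ns   = 'System.Security.Cryptography.X509Certificates'
# Resolve-Path: .NET does not share PowerShell's current directory.
$cert = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path

# Show where the issuing CA says its revocation list lives (extension OID 2.5.29.31).
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) { $cdp.Format($true) } else { 'Certificate lists no CRL distribution point.' }

function Test-Chain {
    param($Certificate, [string]$Mode)
    $chain = New-Object "$ns.X509Chain"
    # NoCheck = trust only; Offline = CRLs already on this machine; Online = may fetch CRLs.
    $chain.ChainPolicy.RevocationMode = $Mode
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $valid = $chain.Build($Certificate)
    New-Object psobject -Property @{
        Mode   = $Mode
        Valid  = $valid
        Status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$results = 'NoCheck', 'Offline', 'Online' | ForEach-Object { Test-Chain $cert $_ }
$results | Format-Table Mode, Valid, Status -AutoSize

$trust  = $results | Where-Object { $_.Mode -eq 'NoCheck' }
$online = $results | Where-Object { $_.Mode -eq 'Online' }

if (-not $trust.Valid) {
    # Fails even without revocation checking: root/intermediate trust, expiry, or name problem.
    "Chain fails without revocation checking: $($trust.Status)"
}
elseif ($online.Valid) {
    'Chain and revocation checks both pass on this machine.'
}
elseif ($online.Status -match 'RevocationStatusUnknown|OfflineRevocation') {
    # Root and intermediates are trusted, but no usable CRL could be obtained.
    'Trust is fine; validation fails only because the CA revocation list is unavailable.'
}
else {
    "Revocation check failed for another reason: $($online.Status)"
}
```

If the third branch fires, the client trusts the chain but cannot obtain a current revocation list from the distribution point printed at the top, which matches the behaviour described in the answer.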

All replies

  • If the certificate you issued to the OCS server came from an internal Windows Enterprise Certificate Authority then are the client computers active members of the same forest domain?  That internal CA's root certificate must be located in the local computer's store, typically in the Trusted Root Certification Authorities folder.

    Also have you verified that the issued certificate is NOT in fact somehow expired or revoked? (Just stating the obvious :) )
    Monday, November 12, 2007 12:54 PM
    Moderator
  • The certificate is from a CA Authority (CACert.org).  Very useful because certificates are free!
    The root certificate from CACert is installed in the local computer's store of each client machine.
    Also the server certificate.
    Antonio
    Monday, November 12, 2007 1:34 PM
  • I had to use the Reskit script to add the trusted server.

    cscript ocstrustentry.vbs /add: etc

     

    Once added the cert error went away.

    Thursday, November 15, 2007 2:09 AM
  • I've used the script with the List option and it's correct.
    I think there is some problem with CACert.org certificates (validation authority), because I've tried with trial certificates from Comodo and Verisign and all runs fine!
    Any idea?
    Thursday, November 15, 2007 9:53 AM
  • I am using LCS 2005 server.

    I am trying to connect to the server programmatically using UCC API.

    But it gives me an Invalid Certificate error, even though the login from communicator server is successful. But programmatically it does not work.

    The machine is in the same domain & we are connecting using TLS.

    Can you give some solution for that?


    Monday, February 11, 2008 8:20 AM