Problem getting certificates to work with office communicator server 2007 enterprise.

  • Question

  • Hi!

    I'm currently having big problems getting the server to work properly with a certificate.

    Is there an easy solution on how to install a test certificate so I could at least test the client-server connection?

    Currently I have the server hosting the OFC server installation also running Certificate Authority.

    Running the "Configure Certificate" option from the installation CD and requesting a certificate from the localhost CA allowed me to get the services started.

    But now the client is saying that "There was a problem verifying the certificate from the server."

    Event view has "Communicator could not connect securely to server because the certificate presented by the server was not trusted due to validation error 0x80090325. The issuing certificate authority (CA) for the server's certificate may not be locally trusted by the client, the certificate may be revoked, or the certificate may have expired."

    Any ideas?

    -- Ville
    Tuesday, February 17, 2009 2:40 PM

All replies

  • Yep - you need to install the certificate authority's root certificate on any client that will be connecting to OCS. The client must trust the CA before it will sign in.

    You can manually install the certificate, push it via GPO or publish it to Active Directory.
    Tuesday, February 17, 2009 6:16 PM
  • Just as a quick side question, if the pool has a FQDN of tre-ofc.mydomain.local and the actual server is ofc.mydomain.local, which one should I use as FQDN on the certificates? Or does it matter? We are only using one server and one pool for the installation.

    -- Ville
    Wednesday, February 18, 2009 8:47 AM
  • You must add both names to the certificate.
    The wizard will let you do that!
    Then one of the names will be in the SAN (subject alternate name) list.

    Not sure if installing a Certificate Authority is supported on an OCS Server

    - Belgian Exchange Community : http://www.pro-exchange.be -
    Wednesday, February 18, 2009 12:16 PM
  • Hello,

    For the certificates, it is always recommended to use the pool name and to add the local server name to the certificate during the wizard.

    Satpal Kataria- HCL Comnet
    Monday, February 23, 2009 7:41 PM
  • You just need to ensure you have SAN enabled on your CA servers.
    Wednesday, February 25, 2009 9:34 PM
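
One way to check both points raised in the replies above from a client machine (the issuing CA must be trusted, and the certificate must carry both the pool and the server FQDN), as an added example that is not part of the thread. The certificate path is a hypothetical placeholder, the two FQDNs are the ones quoted in the question, and the SAN parsing assumes English-language Windows.

```powershell
# Added diagnostic example; not from the thread.
# Assumption: the server certificate (public part only) was exported to $CertPath (hypothetical path).
param(
    [string]$CertPath = 'C:\temp\ocs-server.cer',
    # Pool and server FQDNs as quoted in the question
    [string[]]$RequiredNames = @('tre-ofc.mydomain.local', 'ofc.mydomain.local')
)

function Get-CertDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @($Cert.GetNameInfo('SimpleName', $false))                      # subject CN
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName
    if ($san) {
        # English-language Windows formats each entry as "DNS Name=<fqdn>";
        # the label is localized under other display languages.
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    $names | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# 1. Name coverage: both FQDNs must appear in the subject or SAN list.
$present = @(Get-CertDnsName -Cert $cert)
foreach ($name in $RequiredNames) {
    $ok = $present -contains $name.ToLowerInvariant()
    '{0,-30} {1}' -f $name, $(if ($ok) { 'present' } else { 'MISSING from certificate' })
}

# 2. Chain trust as evaluated on THIS machine (trust, expiry and revocation).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
if ($chain.Build($cert)) {
    'Chain: trusted, validity and revocation checks passed'
} else {
    foreach ($s in $chain.ChainStatus) { 'Chain: {0} - {1}' -f $s.Status, $s.StatusInformation.Trim() }
}

# 3. Is the certificate at the top of the built chain in a Trusted Root store?
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$inRoot = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
            Where-Object { $_.Thumbprint -eq $top.Thumbprint }).Count -gt 0
'Top of chain: {0}' -f $top.Subject
'In Trusted Root store: {0}' -f $inRoot
```

Run it on the client, not on the server: the server already trusts its own CA, so the chain builds there even when clients fail. A chain status of `UntrustedRoot` is the condition behind validation error 0x80090325 (SEC_E_UNTRUSTED_ROOT).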