Office Communications Server requires certificates on each Enterprise Edition Server in order to use MTLS (TLS with mutual authentication). All Office Communications Servers use MTLS to communicate with one another. If you do not configure MTLS on each server, presence and IM communication may not work properly.
Each client will also need to trust the certificate that the server is using in order to connect to the server by using TLS. You can use the Certificates Wizard on an Enterprise Edition Front End Server, Web Conferencing Server, or Audio/Video Conferencing Server to do the following:
- Request, create, and assign a new Web certificate with enhanced
key usage for server authentication.
- Assign an existing certificate.
Tasks
- Configure Certificates on the Front End, Web Conferencing, and
Audio/Video Conferencing Servers
- Start the Services on the Front End, Web Conferencing, and
Audio/Video Conferencing Servers
Configure Certificates on the Front
End, Web Conferencing, and Audio/Video Conferencing Servers
Procedure W03-DWHO.26: To configure certificate on the Front End, Web Conferencing, and Audio/Video Conferencing Servers
-
Log on to OCSPOOLFE01, OCSPOOLCONF01, or OCSPOOLAV01 as Fabrikam\Administrator.
-
Run Setup.exe from the Office Communications Server 2007 Enterprise Edition media to start the Office Communications Server 2007 deployment wizard. Open the Deploy Pools in an Expanded Topology page.
-
Do one of the following, depending on the type of the server:
- If you are logged on to a Front End Server (in the reference
architecture, OCSPOOLFE01), select Add Front End
Server.
- If you are logged on to a Web Conferencing Server (in the
reference architecture, OCSPOOLCONF01), select Add Web
Conferencing Server.
- If you are logged on to an Audio/Video Conferencing Server (in
the reference architecture, OCSPOOLAV01), select Add Audio/Video
Conferencing Server.
- If you are logged on to a Front End Server (in the reference
architecture, OCSPOOLFE01), select Add Front End
Server.
-
Next to Step 3:Configure Certificate, click Run.
-
On the Available certificates Tasks page, select Create a new certificate.
-
On the Delayed or Immediate Request page, select Send the request immediately to an online certification authority.
-
On the Name and Security Settings page, set the following information:
- Name: The name of the server you logged on to (in the reference
architecture, OCSPOOLFE01, OCSPOOLCONF01, or
OCSPOOLAV01).
- Bit length: The bit length that you want to use for encryption.
1024 is recommended.
- Clear the Mark cert as exportable check box.
- Name: The name of the server you logged on to (in the reference
architecture, OCSPOOLFE01, OCSPOOLCONF01, or
OCSPOOLAV01).
-
On the Organization Information page, type or select the name of your organization (for example, Fabrikam) and organizational unit (for example, Hosting).
-
On the Your Server's Subject Name page, do the following:
- In Subject Name, verify that the pool FQDN is
displayed.
- For this reference architecture, leave the Subject Alternate
Name field blank. Select the Automatically add local machine
name to Subject Alt Name check box.
- In Subject Name, verify that the pool FQDN is
displayed.
-
On the Geographical Information page, enter the Country/Region, State/Province and City/Locality. Do not use abbreviations.
-
On the Choose a Certification Authority page, the wizard attempts to automatically detect any CAs published in Active Directory. Click Select a certificate authority from the list detected in your environment, and then select PKIROOT.fabrikam.com\FabrikamCA from the list.
-
Complete the Certificate Wizard. On the Certificates Wizard completed successfully page, click Assign.
-
Repeat this procedure on other Front End, Web Conferencing, and Audio/Video Conferencing Servers.
Start the Services on the Front End,
Web Conferencing, and Audio/Video Conferencing Servers
Procedure W03-DWHO.27: To start the services on the Front End, Web Conferencing, and Audio/Video Conferencing Servers
-
Log on to OCSPOOLFE01, OCSPOOLCONF01, or OCSPOOLAV01 as Fabrikam\Administrator.
-
Run Setup.exe from the Office Communications Server 2007 Enterprise Edition media to start the Office Communications Server 2007 deployment wizard. Open the Deploy Pools in an Expanded Topology page.
-
Do one of the following, depending on the type of the server:
- If you are logged on to a Front End Server (in the reference
architecture, OCSPOOLFE01), select Add Front End
Server.
- If you are logged on to a Web Conferencing Server (in the
reference architecture, OCSPOOLCONF01), select Add Web
Conferencing Server.
- If you are logged on to an Audio/Video Conferencing Server (in
the reference architecture, OCSPOOLAV01), select Add Audio/Video
Conferencing Server.
- If you are logged on to a Front End Server (in the reference
architecture, OCSPOOLFE01), select Add Front End
Server.
-
Next to 'Step 4:Start Services' click Run
-
Continue with the Start Services Wizard.
-
Repeat this procedure on other Front End, Web Conferencing, and Audio/Video Conferencing Servers.