The following sections summarize the certificate requirements for the external interface of your edge servers and detail the specific requirements for each topology. For a list of public certificate authorities that provide certificates that comply with specific requirements for Unified Communications certificates and have partnered with Microsoft to ensure they work with the Office Communications Server Certificate Wizard, see the Microsoft Web site at http://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=SupportedCAs.

Tasks

  1. Certificate Requirements for the External Interface
  2. Request and Assign Certificates for the External Interfaces
  3. Assign Certificate for A/V Authentication

Certificate Requirements for the External Interface

The following table summarizes the certificate requirements for the external interface of each edge server role in the consolidated edge topology.

Table: External Certificates for the edge server in the consolidated edge topology

| Server role | Certificate |
| --- | --- |
| Access Edge Server | A public certificate configured on the external interface with a subject name that matches the external FQDN of the Access Edge server: sip.consolidatedmessenger.com |
| Web Conferencing Edge Server | A public certificate configured on the external interface that matches the external FQDN of the Web Conferencing Edge Server: webconf.consolidatedmessenger.com |
| A/V Edge Server | Not required * |

Note:
A separate A/V authentication certificate is required for the A/V Edge Server role, but this certificate is not interface dependent.

Request and Assign Certificates for the External Interfaces

Procedure W03-DWHO.42: To request and assign certificates for the external interface

  1. Follow the steps in the section entitled "Configuring the Certificates on the External Interfaces" in the document Microsoft Office Communications Server 2007 Edge Server Deployment Guide to use the Configure Certificates for the Edge Server wizard to achieve the following:

    • Create certificate requests for the following interfaces:
      • Access Edge Server Public Interface: Set the Subject Name to the external FQDN for the Access Edge role: sip.consolidatedmessenger.com
      • Web Conferencing Edge Server Public Interface: Set the Subject Name to the external FQDN for the Web Conferencing role: webconf.consolidatedmessenger.com
    • Submit the requests to your public CA.
    • Import the certificates on the Edge Server.
    • Assign the certificates to the appropriate external interfaces for each edge server role.
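
A check you can run from an administrative workstation after the certificates are assigned, to confirm that each external interface presents a certificate whose subject name matches the FQDN in the table above. This is an added example, not part of the Microsoft deployment guide. The function names, the constructed sample certificate, the listener port you pass to fetch_cert, and the treatment of a self-signed certificate as "not from a public CA" are assumptions of this example.

```python
import socket
import ssl
from datetime import datetime, timezone

# External FQDNs from the table above; the A/V Edge role has no external certificate.
REQUIRED_SUBJECTS = {
    "Access Edge Server": "sip.consolidatedmessenger.com",
    "Web Conferencing Edge Server": "webconf.consolidatedmessenger.com",
}
# Constructed sample in ssl getpeercert() format, not taken from a real server.
SAMPLE_CERT = {
    "subject": ((("commonName", "webconf.consolidatedmessenger.com"),),),
    "issuer": ((("commonName", "Example Public CA"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def fetch_cert(host, port, timeout=5.0):
    """Return the certificate a listener presents (port is deployment-specific).

    The default context validates the chain against the local trust store, so
    a certificate that does not chain to a trusted CA fails the handshake.
    """
    context = ssl.create_default_context()
    context.check_hostname = False  # the subject name is checked separately below
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def subject_common_names(cert):
    """Collect lower-cased commonName values from a getpeercert() subject."""
    return [value.lower() for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def check_external_cert(role, cert, now=None):
    """Return a list of problems; an empty list means the certificate fits the role."""
    now = now or datetime.now(timezone.utc)
    expected = REQUIRED_SUBJECTS[role]
    problems = []
    if expected not in subject_common_names(cert):
        problems.append(f"subject name does not match {expected}")
    if cert.get("issuer") == cert.get("subject"):
        problems.append("self-signed, not issued by a public CA")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        problems.append(f"expired on {cert['notAfter']}")
    return problems
```

Checking SAMPLE_CERT against the "Access Edge Server" role reports a subject mismatch, which is what you would see if the two certificates were assigned to the wrong interfaces.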

Assign Certificate for A/V Authentication

In this step you will assign the existing private (internal) certificate for the edge server for use in A/V Authentication.

Procedure W03-DWHO.43: To assign certificate for A/V authentication

  1. On OCSEDGEAV01, from the Office Communications Server 2007 deployment wizard, on the Deploy Edge Server page, next to Step 4: Configure Certificates for the Edge Server, click Run to start the Communications Certificate Wizard.

  2. On the Available Certificate Tasks page, select Assign an Existing Certificate.

  3. On the Available Certificates page, select the internal certificate for the edge server (for example, ocsedgeav01.fabrikam.com).

  4. On the Available Certificate Assignments page, select A/V Authentication Certificate.