Office Communications Server requires certificates on each Enterprise Edition Server in order to use MTLS (TLS with mutual authentication). All Office Communications Servers use MTLS to communicate with one another. If you do not configure MTLS on each server, presence and IM communication may not work properly.

Each client will also need to trust the certificate that the server is using in order to connect to the server by using TLS. You can use the Certificates Wizard on an Enterprise Edition Front End Server, Web Conferencing Server, or Audio/Video Conferencing Server to do the following:

Tasks

  1. Configure Certificates on the Front End, Web Conferencing, and Audio/Video Conferencing Servers
  2. Start the Services on the Front End, Web Conferencing, and Audio/Video Conferencing Servers

Configure Certificates on the Front End, Web Conferencing, and Audio/Video Conferencing Servers

Procedure W08-DWHO.26: To configure certificate on the Front End, Web Conferencing, and Audio/Video Conferencing Servers

  1. Log on to OCSPOOLFE01, OCSPOOLCONF01, or OCSPOOLAV01 as Fabrikam\Administrator.

  2. Run Setup.exe from the Office Communications Server 2007 Enterprise Edition media to start the Office Communications Server 2007 deployment wizard. Open the Deploy Pools in an Expanded Topology page.

  3. Do one of the following, depending on the type of the server:

    • If you are logged on to a Front End Server (in the reference architecture, OCSPOOLFE01), select Add Front End Server.
    • If you are logged on to a Web Conferencing Server (in the reference architecture, OCSPOOLCONF01), select Add Web Conferencing Server.
    • If you are logged on to an Audio/Video Conferencing Server (in the reference architecture, OCSPOOLAV01), select Add Audio/Video Conferencing Server.
  4. Next to Step 3:Configure Certificate, click Run.

  5. On the Available certificates Tasks page, select Create a new certificate.

  6. On the Delayed or Immediate Request page, select Send the request immediately to an online certification authority.

  7. On the Name and Security Settings page, set the following information:

    • Name: The name of the server you logged on to (in the reference architecture, OCSPOOLFE01, OCSPOOLCONF01, or OCSPOOLAV01).
    • Bit length: The bit length that you want to use for encryption. 1024 is recommended.
    • Clear the Mark cert as exportable check box.
  8. On the Organization Information page, type or select the name of your organization (for example, Fabrikam) and organizational unit (for example, Hosting).

  9. On the Your Server's Subject Name page, do the following:

    • In Subject Name, verify that the pool FQDN is displayed.
    • For this reference architecture, leave the Subject Alternate Name field blank. Select the Automatically add local machine name to Subject Alt Name check box.
  10. On the Geographical Information page, enter the Country/Region, State/Province and City/Locality. Do not use abbreviations.

  11. On the Choose a Certification Authority page, the wizard attempts to automatically detect any CAs published in Active Directory. Click Select a certificate authority from the list detected in your environment, and then select PKIROOT.fabrikam.com\FabrikamCA from the list.

  12. Complete the Certificate Wizard. On the Certificates Wizard completed successfully page, click Assign.

  13. Repeat this procedure on other Front End, Web Conferencing, and Audio/Video Conferencing Servers.

Start the Services on the Front End, Web Conferencing, and Audio/Video Conferencing Servers

Procedure W08-DWHO.27: To start the services on the Front End, Web Conferencing, and Audio/Video Conferencing Servers

  1. Log on to OCSPOOLFE01, OCSPOOLCONF01, or OCSPOOLAV01 as Fabrikam\Administrator.

  2. Run Setup.exe from the Office Communications Server 2007 Enterprise Edition media to start the Office Communications Server 2007 deployment wizard. Open the Deploy Pools in an Expanded Topology page.

  3. Do one of the following, depending on the type of the server:

    • If you are logged on to a Front End Server (in the reference architecture, OCSPOOLFE01), select Add Front End Server.
    • If you are logged on to a Web Conferencing Server (in the reference architecture, OCSPOOLCONF01), select Add Web Conferencing Server.
    • If you are logged on to an Audio/Video Conferencing Server (in the reference architecture, OCSPOOLAV01), select Add Audio/Video Conferencing Server.
  4. Next to 'Step 4:Start Services' click Run

  5. Continue with the Start Services Wizard.

  6. Repeat this procedure on other Front End, Web Conferencing, and Audio/Video Conferencing Servers.