11 comments to Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate Authority)

  • Shakti Moudgil

    Hi Curtis,

    There is a user in our company server team who was given Audio Video access on OCS, but while using his system the user is unable to use these features. Then I recreated the user profile on the same system, and it does not work. So I checked on local admin on the same system using his id, and it works. So we checked on another system using his id, and this feature works on his id. So will you suggest what’s the issue with his profile? I need your suggestion on this. Please mail me on ershaktimoudgil@hotmail.com.

  • Although not supported you can get OCS to work happily with a self signed certificate. The premise of the cert being trusted is no different than using Microsoft CA or any private CA. As long as the certificate is present in the Trusted Root of the “Computer” account it will work. For lab environments this is fine. Naturally though in production you would not want this scenario unless using auto enrolment. For the price of a certificate these days (which is cheap) it wouldn’t be worth the hassle and of course it would be unsupported.

  • Certificates can be frustrating. Once you get them working it’s all worth it :-) . I’ll send you an email and see if we can get it working.

  • pslager

    My Computer is the only one that will automatically sign into OCS 2007 R2. Every other computer gets a certificate error: Error Viewing the Certificate. I tried taking the OCS pool certificate and exporting it, and installing it on all of the clients, and it says it installs but I can’t find the certificate in the MMC console after I do it. I am starting to hate OCS and all of these certificates.

  • I don’t know the details of the $30 certificate you mention, but $30 sounds too good to be true in my experience. I would be surprised if it met all the requirements of a UCC certificate. Generally speaking, to use a certificate on an OCS 2007 Front-End, the certificate should be a Web certificate with Enhanced Key Usage for server authentication.

    If you submit the certificate request to your CA (GoDaddy) by generating a Certificate Signing Request (CSR) using the OCS 2007 Certificate Wizard, the necessary requirements should be included in that request. I have first-hand experience, and have heard from others, that DigiCert offers a cost-effective UCC certificate (that is not an endorsement plug for DigiCert; just relaying my experience).

    Also, Microsoft has a list of CAs that issue UCC certificates for Exchange and OCS in this Knowledge Base Article: Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007.

    Note: for the Web Components Server, you should use the IIS certificate wizard. See Section 3.7 (Configure the Web Components Server IIS Certificate) in the OCS 2007 Deployment Guide for more information.

  • Josh

    Great article.
    I went with an enterprise setup, and chose to purchase a normal SSL Cert with GoDaddy. I was able to install it successfully and now that I am ready to test Office Communicator, when trying to sign in, I get

    “There was a problem verifying the certificate from the server. Please contact your system administrator.”

    The SRV record is set.
    DNS is set.

    The only thing I’m confused about is the Installation wizard: when running the certificate piece, it wanted to put a Subject Alternate Name for SIP, which I did: sip.domain.com, but of course it wasn’t a UCC Cert that I purchased. Any issues there? Would a normal 30$ cert be able to append a SAN to it? Should this work for the Front End server, and then I could purchase a UCC for any additional servers like Edges, etc?

    GoDaddy has been no help.
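
Added example (not part of the original post or of any commenter's reply): a PowerShell check, run on a client that fails to sign in, of the three things the comments above raise, namely the Server Authentication EKU, the Subject Alternative Name entries, and whether the chain ends in a root in the Computer account's Trusted Root store. The file path and host name are placeholders to replace with your own.

```powershell
# Added example. The path and host name are placeholders, not values taken from this thread.
param(
    [string]$CertPath     = 'C:\Temp\ocs-pool.cer',  # hypothetical: exported pool certificate
    [string]$ExpectedName = 'sip.domain.com'         # placeholder FQDN the client connects to
)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# 1. Enhanced Key Usage: Server Authentication is OID 1.3.6.1.5.5.7.3.1.
#    A certificate with no EKU extension is not restricted to any purpose.
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$serverAuth = if (-not $ekuExt) { 'No EKU extension (unrestricted)' } elseif (
    ($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.1'
) { 'Present' } else { 'MISSING' }

# 2. Subject Alternative Name (OID 2.5.29.17): list the entries and look for the
#    expected name. Exact match only; wildcard entries are not expanded here.
$sanExt   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanNames = @()
if ($sanExt) {
    $sanNames = @($sanExt.Format($false) -split ',\s*' |
                  ForEach-Object { ($_ -split '=', 2)[-1] })
}

# 3. Trust path, built in machine context so the Computer account's stores are used.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only, not revocation
$chainOk = $chain.Build($cert)
$top     = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$isRoot  = $top.Subject -eq $top.Issuer         # self-signed top element
$inStore = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"

[pscustomobject]@{
    Subject            = $cert.Subject
    ServerAuthEKU      = $serverAuth
    SanNames           = $sanNames -join ', '
    ExpectedNameInSan  = $sanNames -contains $ExpectedName
    ChainBuilds        = $chainOk
    ChainErrors        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    TopOfChain         = $top.Subject
    RootInMachineStore = ($isRoot -and $inStore)
}
```

If `RootInMachineStore` is false, the issuing CA's root is missing from the Computer account's Trusted Root store; installing the pool certificate itself on the client does not fix that.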
