Comments on: Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate Authority) http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/ Microsoft Office Communications Server - Tips, Tricks, and Insight Thu, 26 Jan 2012 18:22:01 -0500 http://wordpress.org/?v=2.8.3 hourly 1 By: Shakti Moudgil http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-9134 Shakti Moudgil Tue, 27 Sep 2011 23:29:58 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-9134 Hi Curtis, There is a user in our company server team give him Audio Video access on OCS, but while using his system user unable to use these features, then i recreate user profile on same system it not works. So i check on local admin on same system using his id it works. So, we check on other system using his id this feature works on his id. So will you suggest me what's the issue with his profile and need your suggestion on this. Please mail me on ershaktimoudgil@hotmail.com. Hi Curtis,

There is a user in our company server team give him Audio Video access on OCS, but while using his system user unable to use these features, then i recreate user profile on same system it not works. So i check on local admin on same system using his id it works. So, we check on other system using his id this feature works on his id. So will you suggest me what’s the issue with his profile and need your suggestion on this. Please mail me on ershaktimoudgil@hotmail.com.

]]> By: Shawn Harry http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-5414 Shawn Harry Sun, 30 Jan 2011 21:44:36 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-5414 Although not supported you can get OCS to work happily with a self signed certificate. The premise of the cert being trusted is no different than using Microsoft CA or any private CA. As long as the certificate is present in the Trusted Root of the "Computer" account it will work. For lab environments this is fine. Naturally though in production you would not want this scenario unless using auto enrolment. For the price of a certificate these days (which is cheap) it wouldn't be worth the hassle and of course it would be unsupported. Although not supported you can get OCS to work happily with a self signed certificate. The premise of the cert being trusted is no different than using Microsoft CA or any private CA. As long as the certificate is present in the Trusted Root of the “Computer” account it will work. For lab environments this is fine. Naturally though in production you would not want this scenario unless using auto enrolment. For the price of a certificate these days (which is cheap) it wouldn’t be worth the hassle and of course it would be unsupported.

]]> By: Communicator Sign-In Problems After OCS Certificate Renewal « Inside OCS http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-3269 Communicator Sign-In Problems After OCS Certificate Renewal « Inside OCS Wed, 18 Aug 2010 15:40:51 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-3269 [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate... [...] [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate… [...]

]]> By: Curtis Johnstone http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-2771 Curtis Johnstone Sat, 12 Jun 2010 02:25:34 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-2771 Certificates can be frustrating. Once you get them working it's all worth it :-). I'll send you an email and see if we can get it working. Certificates can be frustrating. Once you get them working it’s all worth it :-) . I’ll send you an email and see if we can get it working.

]]> By: pslager http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-2765 pslager Fri, 11 Jun 2010 17:23:08 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-2765 My Computer is the only one that will automatically sign into OCS 2007 R2. Every other computer gets a certificate error: Error Viewing the Certificate. I tried taking the OCS pool certificate and exporting it, and installing it on all of the clients and it says it installs but I cant find the certificate in the MMC console after I do it. I am starting to hate OCS and all of these certificates. My Computer is the only one that will automatically sign into OCS 2007 R2. Every other computer gets a certificate error: Error Viewing the Certificate. I tried taking the OCS pool certificate and exporting it, and installing it on all of the clients and it says it installs but I cant find the certificate in the MMC console after I do it. I am starting to hate OCS and all of these certificates.

]]> By: The OCS 2007 Automatic Sign-In Troubleshooting Tool V1.0 « Inside OCS http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-120 The OCS 2007 Automatic Sign-In Troubleshooting Tool V1.0 « Inside OCS Wed, 29 Jul 2009 16:24:58 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-120 [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate... Possibly related posts: (automatically generated)Automatic Office Communicator Sign-In (Part 1 – The Correct DNS Service L… [...] [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate… Possibly related posts: (automatically generated)Automatic Office Communicator Sign-In (Part 1 – The Correct DNS Service L… [...]

]]> By: Automatic Office Communicator Sign-In (Part 1 – The Correct DNS Service Location (SRV) Record) « Inside OCS http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-115 Automatic Office Communicator Sign-In (Part 1 – The Correct DNS Service Location (SRV) Record) « Inside OCS Fri, 24 Jul 2009 21:36:51 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-115 [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate... [...] [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate… [...]

]]> By: DNS Records and Office Communicator Automatic Client Sign-In « Inside OCS http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-114 DNS Records and Office Communicator Automatic Client Sign-In « Inside OCS Fri, 24 Jul 2009 21:33:33 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-114 [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate... [...] [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate… [...]

]]> By: Automatic Office Communicator Sign-In (Part 2 – ensuring the correct Subject Name on the Certificate) « Inside OCS http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-122 Automatic Office Communicator Sign-In (Part 2 – ensuring the correct Subject Name on the Certificate) « Inside OCS Fri, 24 Jul 2009 21:16:58 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-122 [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate... [...] [...] Automatic Office Communicator Sign-In (Part 3 – ensuring the client trusts the issuing Certificate… [...]

]]> By: Curtis Johnstone http://blog.insideocs.com/2008/09/23/making-automatic-office-communicator-sign-in-work-part-3-%e2%80%93-ensuring-the-client-trusts-the-issuing-certificate-authority/comment-page-1/#comment-124 Curtis Johnstone Tue, 30 Jun 2009 15:24:18 +0000 http://ocsbuzz.wordpress.com/?p=92#comment-124 I don't know the details of the $30 certificate you mention, but $30 sounds too good to be true in my experience. I would be surprised if it met all the requirements of a UCC certificate. Generally speaking, to use a certificate on an OCS 2007 Front-End, the certificate should be a Web certificate with Enhanced Key Usage for server authentication. If you submit the certificate request to your CA (GoDaddy) by generating a Certificate Signing Request (CSR) using the OCS 2007 Certificate Wizard, the necessary requirements should be included in that request. I have first-hand experience, and have heard from others, that DigiCert offers a cost effective UCC certificate (that is not an endorsement plug for <a href="http://www.digicert.com/unified-communications-ssl-tls.htm" rel="nofollow">DigiCert</a>; just relaying my experience). Also, Microsoft has a list of CA's that issue UCC certificates for Exchange and OCS in this Knowledge Base Article: <a href="http://support.microsoft.com/kb/929395" rel="nofollow">Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007</a>. Note: for the Web Components Server, you should use the IIS certificate wizard. See Section 3.7 (Configure the Web Components Server IIS Certificate) in the <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=53F65DC9-09DC-4748-81F7-48457469E550" rel="nofollow">OCS 2007 Deployment Guide </a>for more information. I don’t know the details of the $30 certificate you mention, but $30 sounds too good to be true in my experience. I would be surprised if it met all the requirements of a UCC certificate. Generally speaking, to use a certificate on an OCS 2007 Front-End, the certificate should be a Web certificate with Enhanced Key Usage for server authentication.

If you submit the certificate request to your CA (GoDaddy) by generating a Certificate Signing Request (CSR) using the OCS 2007 Certificate Wizard, the necessary requirements should be included in that request. I have first-hand experience, and have heard from others, that DigiCert offers a cost effective UCC certificate (that is not an endorsement plug for DigiCert; just relaying my experience).

Also, Microsoft has a list of CA’s that issue UCC certificates for Exchange and OCS in this Knowledge Base Article: Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007.

Note: for the Web Components Server, you should use the IIS certificate wizard. See Section 3.7 (Configure the Web Components Server IIS Certificate) in the OCS 2007 Deployment Guide for more information.

]]>