If you have just renewed the certificate on your OCS Front-End and some clients are having Communicator sign-in issues, check that those client machines have an updated list of trusted Root CAs.
Some Certificate Authorities change certificate details, such as the name in the “Issued By” field, when a certificate is renewed. This causes Communicator to give the infamous error: “There was a problem verifying the certificate from the server. Please contact your system administrator”. Other changes can cause certificate cross-signing issues.
If you suspect that this is the case, check the details of your old certificate and new certificate and contact your Certificate Authority if there was a change.
Some CAs, such as DigiCert, have test websites that clients can point their browser to in order to check whether the CA is trusted by their client machine. See digicert Trusted Root Authority Certificates for an example.
Microsoft has a package that client machines can download to update the trusted root CA list; the Windows root certificate program members page has a link to it.
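One way to run both checks on an affected client, as an added PowerShell example that is not part of the original post. The two `.cer` paths are placeholders for exported public copies of the old and new Front-End certificates.

```powershell
# Added example. Paths are placeholders: export the old and new Front-End
# certificates (public part only, no private key) to .cer files first.
$OldCertPath = 'C:\temp\ocs-old.cer'
$NewCertPath = 'C:\temp\ocs-new.cer'

$x509 = 'System.Security.Cryptography.X509Certificates'
$old  = New-Object "$x509.X509Certificate2" $OldCertPath
$new  = New-Object "$x509.X509Certificate2" $NewCertPath

function Get-CertSummary($cert) {
    # 2.5.29.35 = Authority Key Identifier: identifies the issuing CA's key,
    # so it changes when the CA signs the renewal with a different certificate.
    $aki = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.35' }
    $akiText = '(none)'
    if ($aki) { $akiText = $aki.Format($false) }
    @{
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        NotAfter       = $cert.NotAfter
        AuthorityKeyId = $akiText
    }
}

# 1. Did the CA change the issuer details on renewal?
$o = Get-CertSummary $old
$n = Get-CertSummary $new
foreach ($p in 'Issuer', 'AuthorityKeyId') {
    if ($o[$p] -ne $n[$p]) {
        Write-Warning "$p changed on renewal:`n  old: $($o[$p])`n  new: $($n[$p])"
    }
}

# 2. Does this client trust the chain of the new certificate?
$chain = New-Object "$x509.X509Chain"
# Skip revocation so the result reflects trust only, not CRL reachability.
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($new)

"Chain trusted on this machine: $trusted"
$chain.ChainElements | ForEach-Object { "  " + $_.Certificate.Subject }
# UntrustedRoot or PartialChain here points at a missing root or intermediate CA.
$chain.ChainStatus | ForEach-Object { "  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }
```

Run it on a client that fails to sign in and on one that works; a chain that builds on one but not the other indicates the failing machine's trusted root list is out of date.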
More Information:
• OCS Mac Messenger Certificate Trust Errors with Digicert (Brian Desmond Blog entry)
• digicert Trusted Root Authority Certificates
• digicert – Intermediate Certificate Troubleshooting
As a customer, and the fact you mention them in your article, I have to say that Digicert are an excellent company to do business with. They automatically check any cert you buy and install, and if they find any issues their support is first class.