none
TMG As a Reverse Proxy for Lync Mobility

    Question

  • Hey all-

    I am deploying TMG in my environment to be used strictly as a reverse proxy for Lync Mobility. I am following this article: http://www.darylhunter.me/blog/2011/11/lync-2010-reverse-proxy-part-3.html for the installation and configuration.


    I am at the certificates step for the Web Listener and TMG isn't finding any certificates on my machine. I have installed 2 certificates I use for Lync, one private cert for the Front End server and one public cert for the Edge server's external interface. I have installed/imported both into the Trusted Root folder. Is that wrong? Are these not the right certs? This is holding me up as I cannot proceed through the walkthrough from here. It seems I need a cert coming somewhere from Lync. The article mentions a 'public certificate for the Front End' but I only have a private cert on my Front End, it only uses the 1 and it works fine.


    • Edited by Sam Edson Monday, April 02, 2012 4:02 PM
    Monday, April 02, 2012 3:59 PM

Answers

  • the public certificate need to be installed into the Personal store in the (Local Computer)

    Regards, Rmknight

    • Marked as answer by Sam Edson Tuesday, April 03, 2012 5:00 PM
    Monday, April 02, 2012 4:08 PM
  • Use the following steps

    In order to view the Certificates store on the local computer, perform the following steps:
    1. Click Start, and then click Run.
    2. Type "MMC.EXE" (without the quotation marks) and click OK.
    3. Click Console in the new MMC you created, and then click Add/Remove Snap-in.
    4. In the new window, click Add.
    5. Highlight the Certificates snap-in, and then click Add.
    6. Choose the Computer option and click Next.
    7. Select Local Computer on the next screen, and then click OK.
    8. Click Close , and then click OK.
    9. You have now added the Certificates snap-in, which will allow you to work with any certificates in your computer's certificate store. You may want to save this MMC for later use.
    Now that you have access to the Certificates snap-in, you can import the server certificate into you computer's certificate store by following these steps:
    1. Open the Certificates (Local Computer) snap-in and navigate to Personal, and then Certificates.

      Note: Certificates may not be listed. If it is not, that is because there are no certificates installed.
    2. Right-click Certificates (or Personal if that option does not exist.)
    3. Choose All Tasks, and then click Import.
    4. When the wizard starts, click Next. Browse to the PFX file you created containing your server certificate and private key. Click Next.
    5. Enter the password you gave the PFX file when you created it. Be sure the Mark the key as exportable option is selected if you want to be able to export the key pair again from this computer. As an added security measure, you may want to leave this option unchecked to ensure that no one can make a backup of your private key.
    6. Click Next, and then choose the Certificate Store you want to save the certificate to. You should select Personal because it is a Web server certificate. If you included the certificates in the certification hierarchy, it will also be added to this store.
    7. Click Next. You should see a summary of screen showing what the wizard is about to do. If this information is correct, click Finish.
    8. You will now see the server certificate for your Web server in the list of Personal Certificates. It will be denoted by the common name of the server (found in the subject section of the certificate).

    Regards, Rmknight

    • Marked as answer by Sam Edson Tuesday, April 03, 2012 5:00 PM
    Monday, April 02, 2012 4:13 PM

All replies

  • the public certificate need to be installed into the Personal store in the (Local Computer)

    Regards, Rmknight

    • Marked as answer by Sam Edson Tuesday, April 03, 2012 5:00 PM
    Monday, April 02, 2012 4:08 PM
  • Use the following steps

    In order to view the Certificates store on the local computer, perform the following steps:
    1. Click Start, and then click Run.
    2. Type "MMC.EXE" (without the quotation marks) and click OK.
    3. Click Console in the new MMC you created, and then click Add/Remove Snap-in.
    4. In the new window, click Add.
    5. Highlight the Certificates snap-in, and then click Add.
    6. Choose the Computer option and click Next.
    7. Select Local Computer on the next screen, and then click OK.
    8. Click Close , and then click OK.
    9. You have now added the Certificates snap-in, which will allow you to work with any certificates in your computer's certificate store. You may want to save this MMC for later use.
    Now that you have access to the Certificates snap-in, you can import the server certificate into you computer's certificate store by following these steps:
    1. Open the Certificates (Local Computer) snap-in and navigate to Personal, and then Certificates.

      Note: Certificates may not be listed. If it is not, that is because there are no certificates installed.
    2. Right-click Certificates (or Personal if that option does not exist.)
    3. Choose All Tasks, and then click Import.
    4. When the wizard starts, click Next. Browse to the PFX file you created containing your server certificate and private key. Click Next.
    5. Enter the password you gave the PFX file when you created it. Be sure the Mark the key as exportable option is selected if you want to be able to export the key pair again from this computer. As an added security measure, you may want to leave this option unchecked to ensure that no one can make a backup of your private key.
    6. Click Next, and then choose the Certificate Store you want to save the certificate to. You should select Personal because it is a Web server certificate. If you included the certificates in the certification hierarchy, it will also be added to this store.
    7. Click Next. You should see a summary of screen showing what the wizard is about to do. If this information is correct, click Finish.
    8. You will now see the server certificate for your Web server in the list of Personal Certificates. It will be denoted by the common name of the server (found in the subject section of the certificate).

    Regards, Rmknight

    • Marked as answer by Sam Edson Tuesday, April 03, 2012 5:00 PM
    Monday, April 02, 2012 4:13 PM
  • Hi,

    Please check this link,

    http://www.msserverpro.com/view/1104 

    I hope you will get your answer.

    Thanks,


    Best Regards, ----Naresh Man Maharjan,Nepal---- www.msserverpro.com

    Tuesday, April 03, 2012 8:16 AM