none
GoDaddy CA Root and certificate purposes

    Question

  • Hello,
    sometimes I encounter issues with Lync functionalities (e.d. Online Meeting, etc...);

    Lync Environment: one Lync Server EDGE and one Lync Server Frontend
    SSL Certificate: GoDaddy Multiple Domains UCC (Up to 5 domains)

    After an investigation I found they are related to disabled purposes for GoDaddy CA Root on Lync servers.

    As I know by Microsoft Technical Support, Lync needs both Server Authentication and Client Authentication purposes enabled for certificate CA Root to work fine.
    Server Authentication and Secure Email are enabled by default only; so I set Server and Client Authentication only by modifying it and all work fine. After x-time it reset again to default and some Lync functionalities stop working again.

    Is this a known issue ?

    Below some screenshot to better understand.

    SSL Certificate path:

    GoDaddy CA Root purposes:

    Notes:

    • I already contacted GoDaddy technical support and they suggested to contact Microsoft
    • Maybe certificates issued by GoDaddy are not supported by Microsoft Lync but I read a lot of people don't have any problem using it
    • Maybe SSL certificate purposes are reset during Certificate Trust Lists check made by Operating System, but I don't like to disable it

    Thank you,
    Luca


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, June 12, 2012 4:45 PM

Answers

  • Hi,

    Go Daddy is not an officially supported Certificate provider so it may cause certain unknown issues. You may need to disable Certificate Trust Lists check or add a certificate to the CTL to get it work.

    http://support.microsoft.com/kb/313071


    Regards,

    Kent Huang

    TechNet Community Support ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.


    • Edited by Kent-Huang Friday, June 15, 2012 6:02 AM
    • Proposed as answer by Kent-Huang Tuesday, July 03, 2012 6:58 AM
    • Marked as answer by Kent-Huang Wednesday, July 04, 2012 9:42 AM
    Friday, June 15, 2012 6:02 AM

All replies

  • Go Daddy is not an officially supported Certificate provider for Unified Communications Certificates.

    Please use on from the following list
    http://support.microsoft.com/kb/929395


    - Belgian Unified Communications Community : http://www.pro-lync.be -

    Tuesday, June 12, 2012 6:45 PM
  • Hello Johan,
    I already knew GoDaddy is not officially supported for OCS (thank you for link you provided - I didn't remember) but my Lync Environment works fine if purposes for CA Root are correctly and manually set and also...see second point in Notes section (on bottom of my first post).

    Thank you,
    Luca


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, June 12, 2012 7:17 PM
  • Hi,

    Go Daddy is not an officially supported Certificate provider so it may cause certain unknown issues. You may need to disable Certificate Trust Lists check or add a certificate to the CTL to get it work.

    http://support.microsoft.com/kb/313071


    Regards,

    Kent Huang

    TechNet Community Support ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.


    • Edited by Kent-Huang Friday, June 15, 2012 6:02 AM
    • Proposed as answer by Kent-Huang Tuesday, July 03, 2012 6:58 AM
    • Marked as answer by Kent-Huang Wednesday, July 04, 2012 9:42 AM
    Friday, June 15, 2012 6:02 AM
  • We are having the same issue.  The link in the answer is broken.  Is the information avaiable anywhere else?

    Thursday, December 05, 2013 1:39 PM
  • Hello David,
    the link is broken because maybe GoDaddy is now supported.

    Do you have the same issue as mine ? I solved by changing the Go Daddy Intermediate & Trusted Root Certificate.

    Lync 2013 External

    Bye,
    Luca


    Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. Whenever you see a helpful reply, click on [Vote As Help] and click on [Mark As Answer] if a post answers your question.

    Thursday, December 05, 2013 1:50 PM
  • Hi Luca,

    I changed the properties of the intermediate and trusted root certificates so all purposes are enabled for both certificates, but after restarting the servers the properties always change back. 

    Are GoDaddy now supported?  I've been looking at this list: http://support.microsoft.com/kb/929395/en-us If they are supported I will take it up with Microsoft support.

    Thanks for your thoughts.

    David.

    Monday, December 16, 2013 5:15 PM