none
Change the active certificates on OCS 2007 Edge server

    Question

  • Hi,

    Our certificates for the A/V Conference and Web Conference roles on our Communicator 2007 Edge Server are expiring soon, and we want to replace them with a single wildcard certificate. How do you change which certificates are assigned to these roles? I know how to initially set this up on a new server, but don't know how to change the existing certificates.

    Thanks for your help.

    Wednesday, January 11, 2012 1:05 AM

Answers

All replies

  • You might want to rethink that, wildcard certificates are not supported in OCS.
    Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
    Wednesday, January 11, 2012 1:10 AM
  • I've done some research, and there seem to be conflicting opinions on this. Some people are saying that the FQDN must include the server name, whereas others say it isn't necessary.

    The current ones we use are ocsav.domain.com and ocswebconf.domain.com, so it seems like it should be possible.

    Wednesday, January 11, 2012 5:07 PM
  • I can say that having a wildcard in the subject name of the certificate is not supported.  This will break MTLS.  You don't need the ocsav from an external perspective., but will need an A/V Authentication cert.  You will need basically 4 certs on the Edge:

    • Access Edge (public)
    • Web Conf Edge (public)
    • A/V Authentication (private)
    • Edge Internal (private)

    See: http://technet.microsoft.com/en-us/library/bb870338(office.12).aspx


    Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
    • Marked as answer by StephenBates Wednesday, January 11, 2012 6:47 PM
    Wednesday, January 11, 2012 6:30 PM
  • Thanks for your help. It seems that separate certificates are indeed necessary for OCS Edge servers.
    Wednesday, January 11, 2012 6:49 PM