none
We couldn't join you to the meeting because the security certificate isn't trusted RRS feed

  • Question

  • HI

    I have users who are getting the above error.

    The certificate was renewed recently by another admin so i think this is the issue. If the users browses to their Lyncpool URL, they get a certificate error. Should the lyncpool url be in the SAN of the cert? 

    Cheers

    Shane

    Tuesday, January 31, 2017 4:25 PM

All replies

  • For internal users SFB generates a self signed cert that is issued by the Cert CA 

    Yes, the Lync pool server FQDN should be registered in SAN

    Tuesday, January 31, 2017 4:29 PM
  • Thanks for the reply.

    What about the lyncpool URL, does this need to be in the cert as well as the server FQDN?

    Cheers

    Shane

    Wednesday, February 1, 2017 8:38 AM
  • The SSL cert internally that is generated by the Internal CA should have below info under SAN:-

    

    The second DNS name is the FE server pool FQDN

    Also, you might want to check if there are any Non-Self signed certs and expired certs in "Trusted root store". If yes, then you to clear them 

    Are the users getting the cert issues internally or externally or both?

    Wednesday, February 1, 2017 9:23 AM
  • So i have quite a few lines of info under SAN in our cert. What i am asking is, does the lyncpool url set under the users properties under the resgistrar pool heading, have to be in the certificate?

    

    Wednesday, February 1, 2017 9:37 AM
  • Yes, it has to be That is what i was referring as FQDN of FE lync pool 
    Wednesday, February 1, 2017 9:57 AM
  • OK great, thanks for confirming. We have users that use multiple pools so wasn't sure. So one german users use a separate pool and their url is not in the cert, so this would be why they are getting the error above.
    Wednesday, February 1, 2017 10:02 AM
  • That is correct bcz it is not following the SSL cert in which the pool is to be mentioned. The pool is assigned an internal SSL cert which allows users to make use of Presence, meet, join, dail the meeting via SFB.

    Let us know once you add the pool to the SSL cert and validate the resolution. Awaiting your response

    Have a good one 

    Wednesday, February 1, 2017 10:07 AM
  • The pool FQDN needs to be the subject name on the certificate as well as in the SAN field.

    Wednesday, February 1, 2017 2:11 PM