Each Edge Server must have a certificate for mutual TLS (MTLS) communication with internal servers.
To set up a certificate on the internal interface of Edge Servers at one site, follow these steps:
- Step 1: Download the certification authority (CA) certification path for the internal interface to each Edge Server. This step can be performed now, and the instructions are in this topic.
Note: Steps 2 through 8 are performed during the Edge Server installation process. For more details about these steps, see Set Up Certificates for the Internal Interface.
- Step 2: Import the CA certification path for the internal interface, on each Edge Server.
- Step 3: Verify that the CA is in the list of trusted root CAs, on each Edge Server.
- Step 4: Create the certificate request for the internal interface, on one Edge Server, called the first Edge Server.
- Step 5: Import the certificate for the internal interface on the first Edge Server.
- Step 6: Export the certificate, using the first Edge Server.
- Step 7: Import the certificate on the other Edge Servers at this site (or deployed behind this load balancer).
- Step 8: Assign the certificate for the internal interface of every Edge Server.
To download the CA certification path for the internal interface
- With your Enterprise root CA offline and your Enterprise subordinate (that is, issuing) CA Server online, log on to an Office Communications Server 2007 R2 server in the internal network (that is, not the Edge Server) as a member of the Administrators group.
- Click Start, click Run, type https://<name of your Issuing CA Server>/certsrv (if you are using Windows Server 2008) or http://<name of your Issuing CA Server>/certsrv (for Windows Server 2003), and then click OK.
- Under Select a task, click Download a CA certificate, certificate chain, or CRL.
- Under Download a CA Certificate, Certificate Chain, or CRL, click Download CA certificate chain.
- In the File Download dialog box, click Save.
- Save the .p7b file to the hard drive on the server, and then copy it to a folder on each Edge Server.
Note: The .p7b file contains all of the certificates that are in the certification path. To view the certification path, open the server certificate and click the certification path.
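The following PowerShell sketch is an added example, not part of the original documentation. It lists the certificates inside the downloaded .p7b file and reports whether each one is already present in the local machine's Trusted Root or Intermediate store, which is useful before and after Steps 2 and 3 on each Edge Server. The function name Test-CaChainFile and the file path are hypothetical placeholders.

```powershell
# Added example. Function name and file path are hypothetical placeholders.
function Test-CaChainFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Load every certificate contained in the PKCS #7 (.p7b) file.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $chain.Import((Resolve-Path $Path).Path)
    if ($chain.Count -eq 0) { throw "No certificates found in $Path" }

    $now = Get-Date
    foreach ($cert in $chain) {
        # A certificate whose subject equals its issuer is self-signed: the root CA.
        $isRoot = ($cert.Subject -eq $cert.Issuer)
        if ($isRoot) { $role = 'Root CA'; $storeName = 'Root' }
        else         { $role = 'Subordinate CA'; $storeName = 'CA' }

        # Root CAs belong in Trusted Root Certification Authorities (Root);
        # subordinate (issuing) CAs in Intermediate Certification Authorities (CA).
        $matches = @(Get-ChildItem "Cert:\LocalMachine\$storeName" |
            Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

        New-Object PSObject -Property @{
            Role         = $role
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            TimeValid    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            InLocalStore = ($matches.Count -gt 0)
        } | Select-Object Role, Subject, Issuer, Thumbprint, NotAfter, TimeValid, InLocalStore
    }
}

# Placeholder path: wherever the .p7b file was copied on this Edge Server.
Test-CaChainFile -Path 'C:\Certs\ca-chain.p7b' | Format-List
```

Compare the reported thumbprints with the values shown on the issuing CA itself before importing the file, and rerun the function after the import to confirm that InLocalStore is True for every certificate in the path.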