Each Edge Server must have a certificate for mutual TLS (MTLS) communication with internal servers.

To set up a certificate on the internal interface of Edge Servers at one site, follow these steps:

To download the CA certification path for the internal interface

  1. With your Enterprise root CA offline and your Enterprise subordinate (that is, issuing) CA Server online, log on to an Office Communications Server 2007 R2 server in the internal network (that is, notthe Edge Server) as a member of the Administrators group.

  2. Click Start, click Run, type https://<name of your Issuing CA Server>/certsrv(if you are using Windows Server 2008) or http://<name of your Issuing CA Server>/certsrv(for Windows Server 2003), and then click OK.

  3. Under Select a task, click Download a CA certificate, certificate chain, or CRL.

  4. Under Download a CA Certificate, Certificate Chain, or CRL, click Download CA certificate chain.

  5. In the File Downloaddialog box, click Save.

  6. Save the .p7b file to the hard drive on the server, and then copy it to a folder on each Edge Server.

    Note:
    The .p7b file contains all of the certificates that are in the certification path. To view the certification path, open the server certificate and click the certification path.

See Also

Tasks

Set Up Certificates for the Internal Interface

Other Resources

Certificate Requirements for External User Access