This section describes the procedures for requesting a certificate from a public certification authority (CA). If you need to generate an offline request or you are using a public CA, use the following set of instructions to request and process the certificate.

To request the certificate

  1. On the server on which you have installed Office Communications Server, click Start, click Programs, click Administrative Tools, and then click Office Communications Server 2007 R2.

  2. In the snap-in, expand the nodes until you reach the Enterprise Edition server or Standard Edition server that you installed.

  3. Right-click the server name, and then click Certificates.

  4. On the Welcome to the Certificate Wizard page, click Next.

  5. On the Available Certificate Tasks page, click Create a new certificate, and then click Next.

  6. On the Delayed or Immediate Request page, click Prepare the request now, but send it later, and then click Next.

  7. On the Name and Security Settings page, do the following:

    • Under Name, type a meaningful name for the certificate that this server will use for Office Communications Server communications. For example, you can use the pool fully qualified domain name (FQDN) or the server name as the certificate name.

    • Under Bit length, select the bit length that you want to use for encryption.

      Note:
      A higher bit length is more secure, but it can degrade performance.
    • Clear the Mark cert as exportable check box.

  8. Click Next.

  9. On the Organization Information page, type or select the name of your organization or organizational unit, and then click Next.

  10. On the Your Server’s Subject Name page, do the following:

    • Click Subject name, and then type the FQDN of the pool.

    • In Subject Alternate Name, verify that the required entries exist. Optionally, click Subject Alternate Name, and then type any alternate names that identify the pool during authentication.

      Note:
      Subject alternate names (SANs) are required on your server for each supported Session Initiation Protocol (SIP) domain in the format sip.<domain> if all of the following are true:
      • Your organization supports multiple SIP domains.

      • Clients are using automatic configuration.

      • This pool is used to authenticate and redirect client sign in or this is the first Standard Edition server to which clients connect.

      If you selected the option to configure clients for automatic sign-in or selected the Enterprise Edition server option to configure this pool to redirect sign-in requests when you ran Configure Pool Wizard, the certificate wizard automatically adds these SIP domains to the certificate request.
    • To include the local computer name on the list of alternate names that identify the pool during authentication, select the Automatically add local machine name to the Subject Alt Name check box.

  11. On the Geographical Information page, enter the Country/Region, State/Province and City/Locality (do not use abbreviations), and then click Next.

  12. On the Certificate Request File Name page, click Browse, choose a location, type a File name (with a .txt extension) for the certificate request, and then click Save.

  13. Verify the path and file name of the certificate request file in the File name box, and then click Next.

  14. On the Request Summary page, review the request information, and then click Next.

  15. Click Finish.
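
Before sending the request file to the public CA, you can confirm that it carries the subject name and the sip.<domain> entries described in step 10. The following PowerShell check is an added example, not part of the original procedure or of Office Communications Server. The function name, the sample domains, and the 2048-bit minimum are assumptions, as is the English-language `certutil -dump` output format (`CN=`, `Public Key Length:`, and `DNS Name=` lines).

```powershell
# Added example. Test-OcsRequestFile and all sample values are hypothetical.
function Test-OcsRequestFile {
    param(
        [string[]]$DumpLines,     # text produced by: certutil -dump <request file>
        [string]$PoolFqdn,        # expected subject name (step 10)
        [string[]]$SipDomains,    # every SIP domain the organization supports
        [int]$MinKeyBits = 2048   # assumed policy value, adjust to your CA's rules
    )
    $cn = $null; $bits = 0; $sans = @()
    foreach ($line in $DumpLines) {
        # First CN= line in a PKCS#10 dump belongs to the subject.
        if (-not $cn -and $line -match '^\s*CN=(.+?)\s*$') { $cn = $Matches[1] }
        elseif ($line -match 'Public Key Length:\s*(\d+)\s+bits') { $bits = [int]$Matches[1] }
        elseif ($line -match '^\s*DNS Name=(\S+)') { $sans += $Matches[1] }
    }
    # One sip.<domain> SAN is needed per supported SIP domain (see the note in step 10).
    $missing = @($SipDomains | ForEach-Object { "sip.$_" } |
                 Where-Object { $sans -notcontains $_ })   # comparison is case-insensitive
    New-Object PSObject -Property @{
        SubjectMatchesPool = ($cn -eq $PoolFqdn)
        KeyBits            = $bits
        KeyLongEnough      = ($bits -ge $MinKeyBits)
        MissingSans        = $missing
    }
}

# Constructed, abbreviated sample of certutil -dump output (not from a real request).
# For a real file, use: $dump = certutil -dump <path to the .txt request file>
$dump = @(
    'PKCS10 Certificate Request:',
    'Subject:',
    '    CN=pool01.contoso.com',
    'Public Key Length: 2048 bits',
    '    Subject Alternative Name',
    '        DNS Name=pool01.contoso.com',
    '        DNS Name=sip.contoso.com'
)

# Two SIP domains are supported here, but the sample request covers only one of them.
$result = Test-OcsRequestFile -DumpLines $dump -PoolFqdn 'pool01.contoso.com' `
                              -SipDomains 'contoso.com', 'fabrikam.com'
$result | Format-List
if ($result.MissingSans.Count -gt 0) {
    Write-Warning ("Request is missing SANs: " + ($result.MissingSans -join ', '))
}
```

If `MissingSans` is not empty, rerun the wizard and add the entries under Subject Alternate Name before submitting the request, because a public CA issues exactly what the request contains.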