Internal Office Communications Server 2007 R2 servers that
require certificates include Standard Edition server, Enterprise
Edition Front End Server, and Director. The following table shows
high-level certificate requirements for internal Office
Communications Server servers. Although an internal Enterprise
certification authority (CA) is recommended for internal servers,
you can also use a public CA. For a list of public CAs that provide
certificates that comply with specific requirements for unified
communications certificates and have partnered with Microsoft to
ensure they work with the Office Communications Server Certificate
Wizard, see Microsoft Knowledge Base article 929395, "Unified
Communications Certificate Partners for Exchange 2007 and for
Communications Server 2007," at
The following tables show certificate requirements by server role for Enterprise pools and Standard Edition servers.

Table 1. Certificates for Standard Edition Server Topology

Server role | Recommended CA | Subject Name/Common Name | Subject Alternate Name | Comments |
---|---|---|---|---|
All server roles (which are collocated) | Enterprise CA | FQDN of the Standard Edition server | If you have multiple SIP domains and have enabled automatic client configuration, the certificate wizard detects and adds each supported SIP domain FQDN. | The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name. Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Components Server. |

Table 2. Certificates for Enterprise Pool: Consolidated Server Topology

Server role | Recommended CA | Subject Name/Common Name | Subject Alternate Name | Comments |
---|---|---|---|---|
All server roles (which are collocated) | Enterprise CA | FQDN of the pool. For the Web Components Server role, the certificate must have the URL of the internal Web farm in the SN or Subject Alternate Name. | If you have multiple SIP domains and have enabled automatic client configuration, the wizard detects the SIP domains, adds them to the Subject Alternate Name, and then adds each supported SIP domain FQDN. For the Web Components Server role, the certificate must have the URL of the internal Web farm in the Subject Alternate Name (if the FQDN is different from the pool FQDN). | The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name. The certificate must be installed on each server in the pool. Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Components Server. |

Table 3. Certificates for Director, Standard Edition Topology

Server role | Recommended CA | Subject Name/Common Name | Subject Alternate Name | Comments |
---|---|---|---|---|
Director | Enterprise CA | FQDN of the Standard Edition server | If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN. | The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name. |

Table 4. Certificates for Director, Enterprise Pool Topology

Server role | Recommended CA | Subject Name/Common Name | Subject Alternate Name | Comments |
---|---|---|---|---|
Director | Enterprise CA | FQDN of the pool | If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN. | The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name. |
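
One way to check an installed certificate against the tables above, as an added example that is not part of the original documentation or of the Certificate Wizard. The function names, the `Cert:\LocalMachine\My` store location and the angle-bracket placeholders are assumptions, and the Subject Alternate Name parsing relies on the English-language "DNS Name=" label.

```powershell
# Added example. Function names and the values in the usage comment are placeholders.
function Get-CertDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    # The Subject Alternate Name extension is OID 2.5.29.17.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($true) prints one entry per line, for example "DNS Name=<fqdn>".
        # Assumption: English-language Windows, where the label reads "DNS Name=".
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    return ,$names
}

function Test-OcsCertificateName {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        # Server or pool FQDN from the "Subject Name/Common Name" column.
        [Parameter(Mandatory = $true)][string]$SubjectFqdn,
        # SIP domain FQDNs and, for Web Components, the internal Web farm FQDN.
        [string[]]$RequiredFqdn = @()
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $cn   = $cert.GetNameInfo('SimpleName', $false)
    $san  = @(Get-CertDnsName -Cert $cert)

    # A required name is covered if it is the subject CN or a SAN DNS entry.
    # String comparison with -eq and -notcontains is case-insensitive in PowerShell.
    $covered = @($cn) + $san
    $missing = @($RequiredFqdn | Where-Object { $covered -notcontains $_ })

    New-Object PSObject -Property @{
        SubjectCN      = $cn
        SubjectMatches = ($cn -eq $SubjectFqdn)
        SanDnsNames    = $san
        MissingNames   = $missing
        Compliant      = (($cn -eq $SubjectFqdn) -and ($missing.Count -eq 0))
    }
}

# Usage (placeholders). Run it on each server in the pool:
# Test-OcsCertificateName -Thumbprint '<THUMBPRINT>' -SubjectFqdn '<POOL-FQDN>' `
#     -RequiredFqdn '<SIP-DOMAIN-FQDN>', '<INTERNAL-WEB-FARM-FQDN>'
```

A non-empty `MissingNames` list identifies the Subject Alternate Name entries to add when the certificate is reissued.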