After you download and install the certificate chain, you are ready to request and install the Web Server certificate on the Communicator Web Access (2007 R2 release) server. To ensure that you obtain the correct certificate, and to ensure that this certificate is placed in the correct certificate store on the Communicator Web Access computer, you should request your Web Server certificate by using the LcsCmd.exe command-line tool.

The parameters required when requesting a certificate for Communicator Web Access are detailed in the following table.

Parameter Sample Value Description

/Cert

None

Indicates you want to work with certificates.

/Action

Request

Indicates that you want to request a new certificate.

/sn

im.contoso.com

Subject name for the certificate. This will typically be the URL for the Communicator Web Access Web site.

/san

im.contoso.com,download.im.contoso.com,as.im.contoso.com,cwaserver.contoso.com

Subject alternative name, with individual entries separated by using a comma. The subject alternative name should always include the following:

  • The host name of the Communicator Web Access site (im.contoso.com)

  • The asDomain Name System (DNS) record

  • The downloadDNS record

  • The fully qualified domain name (FQDN) of the computer where the certificate will be installed (for example, cwaserver.contoso.com)

For details about the asand downloadrecords, see Configuring Communicator Web Access DNS Records.

/ca

ca-server.contoso.com

The fully qualified domain name (FQDN) of the certification authority (CA).

/ou

OCSServers

The Active Directory organizational unit (OU) where the computer account is located.

/org

Contoso

The organization that the computer belongs to.

/country

US

The country where the computer is located. You must use a two-letter country abbreviation.

/city

Redmond

The city where the computer is located.

/state

WA

For the United States and Canada, the state/province where the computer is located. You must use a two-letter abbreviation.

/friendlyName

CWA_Certificate

A “nickname” that makes it easy to identify the certificate. Without a friendly name, the certificate will use the fully qualified domain name of the computer. As a result, you could end up with multiple certificates named cwaserver.contoso.com, making it difficult to determine which certificate is which.

/exportable

TRUE

Indicates that the certificate can be exported. This means that you can make a copy of the certificate, either as a backup, or for use on another computer.

To request a Web Server certificate from a Windows Server CA

  1. On the computer where Communicator Web Access is to be installed, click Start, and then click Run.

  2. In the Rundialog box, type cmd, and then click OK.

  3. At the command prompt, type the path to the root folder on the Office Communications Server 2007 R2 CD and then press ENTER. For example, if your CD drive is drive F you would type the following:

    cd f:\

  4. If you are logged on to the computer as an administrator type the following command to install Communicator Web Access (be sure and substitute your actual parameter values for the sample values shown here). The entire command should be typed on a single line as follows:

    LcsCmd.exe /Cert /Action:Request /sn:im.contoso.com /san: im.contoso.com,download.im.contoso.com,as.im.contoso.com /ca:ca-server.contoso.com /OU:OCSServers /org:Contoso /country:US /city:Redmond /state:WA /friendlyName:CWA_Certificate /exportable:TRUE

To verify installation of the Web Server certificate

  1. On the Communicator Web Access server, click Start, and then click Run.

  2. In the Rundialog box, type mmc, and then click OK.

  3. On the Filemenu, click Add/Remove Snap-in.

  4. In the Add/Remove Snap-indialog box, click Add.

  5. In the list of Available Standalone Snap-ins, click Certificates.

  6. Click Add.

  7. In the Certificates Snap-indialog box click Computer account, and then click Next.

  8. In the Select Computerdialog box, ensure that the Local computer: (the computer this console is running on)check box is selected, and then click Finish.

  9. Click Close, and then click OK.

  10. In the left pane of the Certificatesconsole, expand Certificates (Local Computer), expand the Personalfolder, and then click Certificates.

  11. Confirm that the certificate is located in this folder.