The Mediation Server must be configured with a server certificate to connect to other Office Communications Servers. This topic describes the following procedures that you must perform to configure a certificate for Mediation Server:

You can use the Communications Certificate Wizard to complete most of these procedures. These procedures describe how to access the Communications Certificate Wizard from the Office Communications Server 2007 R2 Deployment Wizard. You can also access it from the Office Communications Server 2007 R2 snap-in on each Mediation Server.

The steps of these procedures are based on using a Windows Server 2003 Enterprise CA or a Windows Server 2003 R2 CA. For step-by-step guidance for any other CAs, consult the documentation of the CA.

To download the CA certificate chain for the Mediation Server

  1. With your Enterprise root CA offline and your Enterprise subordinate (issuing) CA Server online, log on to the Mediation Server as a member of the RTCUniversalServerAdmins group.

  2. Click Start, click Run, type http://< name of your Issuing CA Server >/certsrv, and then click OK.

  3. Under Select a task, click Download a CA certificate, certificate chain, or CRL.

  4. Under Download a CA Certificate, Certificate Chain, or CRL, click Download CA certificate chain.

  5. In the File Download dialog box, click Save.

  6. Save the .p7b file to the hard disk on the server, and then copy it to a folder on the Mediation Server.

    Note:
    If you open this file, the file contains all of the certificates that are in the certification path. To view the certification path, open the server certificate and then click the certification path.

To install the CA certificate chain for the Mediation Server

  1. In the Deployment Wizard, click Deploy Other Server Roles, and then click Deploy Mediation Server.

  2. On the Deploy Mediation Server page, next to Step 4 Configure Certificates, click Run.

  3. On the Welcome page of the Communications Certificate Wizard, click Next.

  4. On the Available certificate tasks page, click Import a certificate chain from a .p7b file, and then click Next.

  5. On the Import Certificate Chain page, click Browse to locate the .p7b file, click the file, and then click Next.

  6. Click Finish.

To verify that your CA is in the list of trusted root CAs

  1. Open an MMC console by clicking Start, clicking Run, typing mmc in the Open box, and then clicking OK.

  2. On the File menu, click Add/Remove Snap-in, and then click Add.

  3. In the Add Standalone Snap-ins box, click Certificates, and then click Add.

  4. In the Certificate snap-in dialog box, click Computer account, and then click Next.

  5. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is running on) check box is selected, and then click Finish.

  6. Click Close, and then click OK.

  7. In the console tree, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and then click Certificates.

  8. In the details pane, verify that your CA is on the list of trusted CAs.
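
The same check can be scripted. The following PowerShell is an added example, not part of the original procedure: it compares the root certificate in the downloaded .p7b file with the local computer's Trusted Root Certification Authorities store. The path in `$P7bPath` is an assumed location, and PowerShell 2.0 or later is assumed to be installed.

```powershell
# Added example, not part of the original procedure.
# Assumption: $P7bPath is where the downloaded chain file was copied.
param([string]$P7bPath = 'C:\Certs\ca-chain.p7b')

# Load every certificate contained in the PKCS #7 (.p7b) chain file.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$chain.Import($P7bPath)

# Collect the thumbprints from Certificates (Local Computer) >
# Trusted Root Certification Authorities.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open('ReadOnly')
$trusted = @{}
try {
    foreach ($c in $store.Certificates) { $trusted[$c.Thumbprint] = $true }
} finally {
    $store.Close()
}

$missing = 0
foreach ($cert in $chain) {
    # A root CA certificate is self-issued: subject and issuer are identical.
    $isRoot = ($cert.Subject -eq $cert.Issuer)
    $inRoot = $trusted.ContainsKey($cert.Thumbprint)
    if ($isRoot -and -not $inRoot) { $missing++ }

    # One row per certificate in the chain file.
    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        IsRoot        = $isRoot
        InTrustedRoot = $inRoot
    }
}

if ($missing -gt 0) {
    Write-Warning "$missing root CA certificate(s) from the chain file are not in the Trusted Root store."
}
```

Compare the reported root thumbprint with the value published by your CA administrator before relying on the result.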

To create the certificate request for the Mediation Server

  1. In Deployment Wizard, on the Deploy Mediation Server page, next to Step 3, Configure Certificates for the Mediation Server, click Run.

  2. On the Welcome page of the Communications Certificate Wizard, click Next.

  3. On the Available Certificate Tasks page, click Create a new certificate, and then click Next.

    Note:
    If you already have a certificate available, click Assign an Existing Certificate and continue with steps 3 through 7 in the procedure To Assign the Certificate to the Mediation Server later in this topic.
  4. On the Delayed or Immediate Request page, select one of the following options:

    • If you intend to output your request to a text file and then send that file to an offline CA, select the Prepare the request now, but send later check box, and then click Next.

      Note:
      If you choose this option, you have to import the certificate and assign it to the Mediation Server later.
    • If you want to send the request immediately, select the Send the request immediately to an online CA check box, and then click Next.

  5. On the Name and Security Settings page, type a friendly name for the certificate, specify the bit length (typically, the default of 1024), select the Mark certificate as exportable check box, and then click Next.

  6. On the Organization Information page, type the name for the organization and the organizational unit (for example, a division or department), and then click Next.

  7. On the Your Server's Subject Name page, type or select the subject name and subject alternate name of the Mediation Server.

    Note:
    The subject name should match the FQDN of the Mediation Server.

    If your deployment includes multiple SIP domain names, in Subject alternate name, type the same name that you typed in Subject name, and then click Add. Type each additional SIP domain name, separating each name with a comma.
  8. Click Next.

  9. On the Geographical Information page, type the location information, and then click Next.

  10. The next page you see depends on which option you chose in Step 4:

    • If you selected Send the request immediately to an online CA in Step 4, select your CA from the list or type the name of your CA in the Certification Authority box. If you type an external CA name, a dialog box appears. Type the user name and password for the external CA, click OK, and then click Next.

    • If you selected Prepare the request now but send later in Step 4, type the file name and path to which the request is to be saved, and then click Next. Submit this file to your CA (by e-mail or other method supported by your organization for your Enterprise CA) and, when you receive the response file, copy the new certificate to this computer so that it is available for import.

  11. On the Request Summary page, click Next.

  12. On the Certificate Wizard Completed page, verify successful completion, and then click Finish.

Note:
If you obtained your certificate from an online CA, skip the next procedure and proceed directly to the procedure that follows it, entitled "To assign the certificate to the Mediation Server."

To import the certificate for the Mediation Server

  1. In Deployment Wizard, on the Deploy Mediation Server page, next to Step 4, Configure Certificates, click Run.

  2. On the Welcome page of the Communications Certificate Wizard, click Next.

  3. On the Pending certificate tasks page, click Process a pending request and import the certificate, and then click Next.

  4. In the Path and file name box, type the full path and file name of the certificate that you requested for the Mediation Server, and then click Next.

  5. On the wizard completion page, verify successful completion, and then click Finish.

To assign the certificate to the Mediation Server

  1. In the Deployment Wizard, on the Deploy Mediation Server page, next to Step 4, Configure Certificates, click Run.

  2. On the Welcome page of the Communications Certificate Wizard, click Next.

  3. On the Available certificate tasks page, click Assign an existing certificate, and then click Next.

  4. On the Available Certificates page, select the certificate that you requested for the Mediation Server, and then click Next.

  5. Review your settings, and then click Next.

  6. On the Certificate Wizard Completed page, click Finish.
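
After the certificate is imported, its properties can be checked against the requirements in the request procedure (subject name equal to the Mediation Server FQDN, that name repeated in the subject alternate name when one is used, a usable private key, and a chain that builds to your CA). The following PowerShell is an added example, not part of the original topic; the FQDN is a constructed placeholder, and the 2048-bit threshold reflects current key-length guidance rather than anything this topic requires.

```powershell
# Added example, not part of the original procedure.
# Assumption: constructed placeholder; replace with the Mediation Server's FQDN.
param([string]$Fqdn = 'mediation01.contoso.com')

# Find certificates in Certificates (Local Computer) > Personal whose
# subject name matches the FQDN of the Mediation Server.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    $certs = @($store.Certificates |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $Fqdn })
} finally {
    $store.Close()
}
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject name $Fqdn in the Personal store."
}

foreach ($cert in $certs) {
    # Subject alternative name extension (OID 2.5.29.17), if present.
    $sanExt = $cert.Extensions['2.5.29.17']
    $san = ''
    if ($sanExt) { $san = $sanExt.Format($false) }

    # Build the chain in the machine context; this fails if the CA chain
    # was not imported or the root is not trusted on this computer.
    $chain  = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $builds = $chain.Build($cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    $keySize = $cert.PublicKey.Key.KeySize
    New-Object PSObject -Property @{
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        HasPrivateKey  = $cert.HasPrivateKey
        KeySize        = $keySize
        # The wizard default of 1024 bits falls below the 2048-bit RSA
        # minimum in current guidance; flag it for re-issue planning.
        KeyBelow2048   = ($keySize -lt 2048)
        # When a SAN is present, it should repeat the subject name.
        SanOkForFqdn   = (-not $san) -or ($san -like "*$Fqdn*")
        ChainBuilds    = $builds
        ChainStatus    = $status
    }
}
```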