This topic describes how to configure a new certificate for an Office Communications Server 2007 R2 server.
To configure a new certificate
- Log on to the server for which you want to configure a certificate with an account that is a member of the Administrators and the RTCUniversalServerAdmins group and has permissions to request a certificate from your certification authority (CA).
- Do one of the following:
  - Insert the Microsoft Office Communications Server 2007 R2 CD, and then click one of the following:
    - Enterprise Edition
    - Standard Edition
  - If you are installing from a network share, browse to the \setup\amd64\ folder on the network share, and then double-click one of the following:
    - setupEE.exe
    - setupSE.exe
- In the deployment tool, do one of the following:
  - Click Deploy Pools in a Consolidated Topology.
  - Click Deploy Standard Edition Server.
- At Configure Certificate, click Run.
- On the Welcome to the Certificate Wizard page, click Next.
- On the Available certificates tasks page, click Create a new certificate, and then click Next.
- On the Delayed or Immediate Request page, click Send the request immediately to an online certification authority, and then click Next.
- On the Name and Security Settings page, do the following:
  - Under Name, type a meaningful name for the certificate that this server will use for Office Communications Server communications.
  - Under Bit length, select the bit length that you want to use for encryption.
    Note: A higher bit length is more secure, but it can degrade performance.
  - Clear the Mark cert as exportable check box.
- Click Next.
- On the Organization Information page, type or select the name of your organization and organizational unit, and then click Next.
- On the Your Server’s Subject Name page, do the following:
  - In Subject name, verify that the pool fully qualified domain name (FQDN) is displayed.
  - In Subject Alternate Name, verify that the required entries exist. Optionally, click Subject Alternate Name, and then type any alternate names that identify the pool during authentication.
    Note: Subject alternate names (SANs) are required on your server for each supported Session Initiation Protocol (SIP) domain in the format sip.<domain> if all of the following are true:
    - Your organization supports multiple SIP domains.
    - Clients are using automatic configuration.
    - This pool is used to authenticate and redirect client sign in or this is the first Standard Edition server to which clients connect.
  - To include the local computer name on the list of alternate names that identify the pool during authentication, select the Automatically add local machine name to the Subject Alt Name check box.
- Click Next.
- On the Geographical Information page, enter the Country/Region, State/Province and City/Locality (do not use abbreviations), and then click Next.
- On the Choose a Certification Authority page, the wizard attempts to automatically detect any CAs that are published in Active Directory Domain Services (AD DS). Do one of the following:
  - Click Select a certificate authority from the list detected in your environment, and then click your CA in the list.
  - Click Specify the certificate authority that will be used to request this certificate, and then type the name of your CA in the box, using the format <FQDN of CA>\<CA instance>. For example, CA.contoso.com\CAserver1. If you type an external CA name, a dialog box appears. Type the user name and password for the external CA, and then click OK.
- Click Next.
- On the Request Summary page, review the settings that you specified, and then click Next.
- On the Assign Certificate Task page, click Assign certificate immediately, and then click Next.
- On the Configure the Certificate(s) of Your Server page, click Next.
- Click Finish.
- Submit this file to your CA (by e-mail or other method supported by your organization for your Enterprise CA). If your CA is configured for automatic approval, proceed to the next procedure. If your CA requires CA administrator approval to issue a certificate, the administrator must manually approve or deny the certificate issuance request on the issuing CA before you can assign it.
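
To confirm that the issued certificate matches the choices made in the wizard (pool FQDN as subject name, one sip.<domain> SAN per SIP domain, bit length, non-exportable key), a check like the following can be run in Windows PowerShell on the server. It is an added example, not part of the original procedure. The pool FQDN, SIP domains, thumbprint placeholder, 2048-bit floor, the LocalMachine\My store location, a CSP-held RSA key, and the English "DNS Name=" label are assumptions.

```powershell
# Added example, not from the original procedure. All values below are assumptions.
$PoolFqdn   = 'pool01.contoso.com'             # hypothetical pool FQDN
$SipDomains = @('contoso.com', 'fabrikam.com') # hypothetical supported SIP domains
$MinKeyBits = 2048                             # assumed local policy, not from the page
$Thumbprint = '<THUMBPRINT-OF-ASSIGNED-CERT>'  # placeholder: fill in before running

function Test-OcsCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$PoolFqdn,
        [string[]]$SipDomains,
        [int]$MinKeyBits
    )
    $findings = @()

    # Subject name should be the pool FQDN (Your Server's Subject Name page).
    $cn = $Cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $PoolFqdn) { $findings += "Subject '$cn' is not the pool FQDN '$PoolFqdn'" }

    # Read DNS entries from the Subject Alternative Name extension (OID 2.5.29.17).
    # 'DNS Name=' is the label printed by English-language Windows (assumption).
    $san = @()
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($ext) {
        $san = @([regex]::Matches($ext.Format($false), 'DNS Name=([^,\s]+)') |
                 ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() })
    }
    # One sip.<domain> entry is expected per supported SIP domain.
    foreach ($d in $SipDomains) {
        $want = "sip.$d".ToLowerInvariant()
        if ($san -notcontains $want) { $findings += "SAN is missing $want" }
    }

    # Bit length selected on the Name and Security Settings page.
    $bits = $Cert.PublicKey.Key.KeySize
    if ($bits -lt $MinKeyBits) { $findings += "Key is $bits bits, below $MinKeyBits" }

    # "Mark cert as exportable" was cleared, so a CSP-held key must not be exportable.
    $key = $Cert.PrivateKey
    if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider] -and
        $key.CspKeyContainerInfo.Exportable) {
        $findings += 'Private key is marked exportable'
    }
    return $findings
}

$cert   = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
$result = @(Test-OcsCertificate -Cert $cert -PoolFqdn $PoolFqdn -SipDomains $SipDomains -MinKeyBits $MinKeyBits)
if ($result.Count) { $result | ForEach-Object { "FAIL: $_" } } else { "OK: $($cert.Thumbprint)" }
```

The sip.<domain> check applies only when all three conditions in the SAN note above are true; otherwise pass an empty `$SipDomains` list.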