After configuring the edge certificates for the external and internal interfaces, you are ready to set up the A/V authentication certificates on Edge Servers. The private key of the A/V authentication certificate is used to generate authentication credentials. As a security precaution, you should not use the same certificate for A/V authentication that you use for the internal interface of the Edge Server.

If multiple servers are deployed in a load balanced array, the same A/V authentication certificate must be installed on each Edge Server. This means that the certificate must be from the same issuer and use the same private key.

To set up A/V authentication certificates, use the procedures in this section to do the following:

To create the A/V authentication certificate request for Edge Servers

  1. On the Edge Server, in the Deployment Wizard, on the Deploy Edge Server page, next to Step 4: Configure Certificates for the Edge Server, click Run.

    Note:
    If you have multiple Edge Servers in one location in an array, you can run the Communications Certificate Wizard on any one of the Edge Servers.
  2. In the Communications Certificate Wizard, on the Welcome page, click Next.

  3. On the Available Certificate Tasks page, click Create a new certificate, and then click Next.

  4. On the Select the Component for Which Certificate Is Requested page, select A/V Authentication Certificate.

  5. On the Delayed or Immediate Request page, select the Prepare the request now, but send it later check box, and then click Next.

  6. On the Name and Security Settings page, type a friendly name for the certificate, specify the bit length (typically, the default of 1024), select the Mark the certificate as exportable check box, and then click Next.

  7. On the Organization Information page, type the name for the organization and the organizational unit (such as a division or department, if appropriate), and then click Next.

  8. On the Your Server's Subject Name page, in Subject name, type or select the subject name of the A/V Edge service on the Edge Server.

    Note:
    The subject name should match the fully qualified domain name (FQDN) of the A/V Edge Service published by the external firewall, or the FQDN of the VIP used by the A/V Edge Service array on the external load balancer (that is, if the Edge Servers are load balanced).
  9. Click Next.

  10. On the Geographical Information page, type the location information, and then click Next.

  11. On the Certificate Request File Name page, type the full path and file name to which the request is to be saved (or, click Browse to locate and select the certificate), and then click Next.

  12. On the Request Summary page, review the certificate information, and then click Next.

  13. On the Certificate Wizard completed page, verify successful completion, and then click Finish.

  14. After the Enterprise CA creates the request, submit this file to your CA (that is, by e-mail or other method supported by your organization for your Enterprise CA) and, when you receive the response file, copy the new certificate to a location that is accessible by the Edge Server on which you requested the certificate.

To import the A/V authentication certificate on the first Edge Server

  1. On the Edge Server on which you created the certificate request, in the Deployment Wizard, in Deploy Other Server Roles, in Deploy Edge Server, next to Step 4: Configure Certificates for the Edge Server, click Run.

  2. In the Communications Certificate Wizard, on the Welcome page, click Next.

  3. On the Available certificate tasks page, click Process the pending request and import the certificate, and then click Next.

  4. On the Process a Pending Request page, type the full path and file name of the certificate that you requested for A/V authentication in the Path and file name box (or, click Browse to locate and select the file), and then click Next.

  5. On the wizard completion page, verify successful completion, and then click Finish.

To export the certificate for A/V authentication

  1. On the Edge Server on which you requested and imported the certificate, in the Deployment Wizard, on the Deploy Edge Server page, next to Step 4: Configure Certificates for the Edge Server, click Run.

  2. In the Communications Certificate Wizard, on the Welcome page, click Next.

  3. On the Available Certificate Tasks page, click Export a certificate to a .pfx file, and then click Next.

  4. On the Available Certificates page, in Select a certificate, click the certificate that you imported to this Edge Server, and then click Next.

  5. On the Export Certificate page, in Path and file name, type the full path and file name to which you want to export the certificate (or, click Browse to locate and select the certificate), and then click Next.

  6. On the Export Certificate Password page, in Password, type the password that will be used to import the certificate on the other Edge Servers, and then click Next.

  7. On the wizard completion page, verify successful completion, and then click Finish.

  8. Copy the exported file to a location or media that is accessible by the other Edge Servers.

To import the certificate for A/V authentication on the other Edge Servers

  1. On each of the other Edge Servers, in the Deployment Wizard, on the Deploy Edge Server page, next to Step 4: Configure Certificates for the Edge Server, click Run.

  2. In the Communications Certificate Wizard, on the Welcome page, click Next.

  3. On the Available Certificate Tasks page, click Import a certificate from a .pfx file, and then click Next.

  4. On the Import Certificate page, in Path and file name, type the full path and file name of the certificate that you exported from the first Edge Server (or, click Browse to locate and select the certificate), clear the Mark certificate as exportable check box, and then click Next.

  5. On the Import Certificate Password page, in Password, type the password that you typed when you exported the certificate from the first server, and then click Next.

  6. On the wizard completion page, verify successful completion, and then click Finish.

  7. Repeat this procedure for each Edge Server that will use the same certificate.

To assign the A/V authentication certificate on the Edge Servers

  1. On each Edge Server, in the Deployment Wizard, on the Deploy Edge Server page, next to Step 4: Configure Certificates for the Edge Server, click Run.

  2. In the Communications Certificate Wizard, on the Welcome page, click Next.

  3. On the Available Certificate Tasks page, click Assign an existing certificate, and then click Next.

  4. On the Available Certificates page, select the certificate that you requested for the Edge Server (in the previous procedure), and then click Next.

  5. On the Available Certificate Assignments page, select the A/V Edge Server check box.

  6. On the Configure the Certificate Settings of Your Server page, review your settings, and then click Next.

  7. On the wizard completion page, click Finish.

  8. After assigning the certificate on each Edge Server, open the Certificate snap-in on each server, expand Certificates (Local computer), expand Personal, click Certificates, and then verify in the details pane that the A/V authentication certificate is listed.

  9. If your deployment includes an array of Edge Servers, repeat this procedure for each Edge Server.
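
The verification in step 8 can also be scripted. The following PowerShell is an added example, not part of the original documentation: run locally on each Edge Server, it lists the A/V authentication certificate in the Local Computer Personal store and checks that it has a private key, that it is not the internal interface certificate, and that its thumbprint matches the one reported on the first Edge Server. The FQDN and thumbprint values are placeholders, and selecting the certificate by subject name is an assumption.

```powershell
# Added example. Replace the placeholder values with those from your deployment.
$AvEdgeFqdn             = 'av.contoso.example'                    # constructed subject name (A/V Edge FQDN or VIP FQDN)
$InternalCertThumbprint = '<internal-interface-cert-thumbprint>'  # placeholder
$FirstServerThumbprint  = ''  # leave empty on the first Edge Server; paste its reported thumbprint on the others

function Get-AvAuthCertificateReport {
    param(
        [string]$SubjectFqdn,
        [string]$InternalThumbprint,
        [string]$ReferenceThumbprint
    )
    # Thumbprints copied from the certificate dialog often contain spaces; strip them.
    $internal  = $InternalThumbprint  -replace '\s', ''
    $reference = $ReferenceThumbprint -replace '\s', ''

    # "Certificates (Local Computer) > Personal" is Cert:\LocalMachine\My.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $SubjectFqdn } |
        Select-Object Thumbprint, Subject, Issuer, NotAfter, HasPrivateKey,
            @{ Name = 'DiffersFromInternalCert'
               Expression = { $_.Thumbprint -ne $internal } },
            @{ Name = 'MatchesFirstServer'
               Expression = { if ($reference) { $_.Thumbprint -eq $reference } else { $null } } }
}

$report = @(Get-AvAuthCertificateReport -SubjectFqdn $AvEdgeFqdn `
                -InternalThumbprint $InternalCertThumbprint `
                -ReferenceThumbprint $FirstServerThumbprint)

if ($report.Count -eq 0) {
    Write-Warning "No certificate with subject '$AvEdgeFqdn' found in Local Computer\Personal."
}
foreach ($cert in $report) {
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$($cert.Thumbprint): no private key is associated with this certificate."
    }
    if (-not $cert.DiffersFromInternalCert) {
        Write-Warning "$($cert.Thumbprint): same certificate as the internal interface."
    }
    if ($cert.MatchesFirstServer -eq $false) {
        Write-Warning "$($cert.Thumbprint): differs from the certificate on the first Edge Server."
    }
}
$report | Format-List
```

An identical thumbprint on every Edge Server in the array, with HasPrivateKey reported as True on each, confirms that the same certificate and key pair were imported everywhere.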