Like other Office Communications Server components, Communicator Web Access requires an MTLS certificate to authenticate traffic with other components of Office Communications Server. If you are using the HTTPS protocol for your virtual servers, an SSL certificate is required to authenticate the traffic between each Communicator Web Access server and each logged-on client.

In many cases, the same certificate can be used for both your MTLS connections and your SSL connections. For details about both certificate requirements and the recommended procedure for requesting and installing certificates for Communicator Web Access, see Preparing Certificates for Communicator Web Accessin Deploying Communicator Web Access in the Deployment documentation.

If you have set up a Windows CA, you can generate your own certificates for use with Communicator Web Access. If all your users are internal users (that is, users who log on from inside the organization’s firewall), you might want to use self-generated certificates: There is no charge for certificates that you create yourself, and – as members of the same domain – your client computers more than likely already trust certificates generated by your internal CA.

Certificates purchased from a third-party CA can also be used with Communicator Web Access. If you are supporting external users (that is, users who log on from outside the organization’s firewall), you might want to use a third-party certificate for all of your external virtual servers. By default, the Windows operating system (and many other operating systems) comes with certificates from many of the major third-party CAs preinstalled. Using a third-party certificate for external virtual servers helps limit security warnings and provide for a better Communicator Web Access experience for external users.