Certificate questions

Hey everyone, I now have no hair on my head from 1) scratching my head and 2) pulling my hair out. Hope someone can enlighten me:

I'm getting two errors I have questions about:

From Office Communicator on a client PC, when trying to use TLS across the Internet:

"There was a problem verifying the certificate from the server. Please contact your System Administrator." Damn. I AM the sys admin!!!

The other message is when I'm running LCSDiag from the Access Proxy to the LCS Server:
"server certificate SN does not match the server FQDN. Please install on server a proper certificate."

Facts of the case:

I'm currently setting up LCS STANDARD 2005 SP1 on MS Server 2003 servers. I have internal (TCP) connections working fine, but most users here (about 40) are on the road at least part of the time, so I've set up an Access Proxy in order to use TLS for security and PIC.
No federation, as we're a small company and one server will do the job.

So I've purchased an SSL Cert for the Access Proxy, and it's installed fine, it looks like. It's an Entrust Advantage SSL Cert.

Q#1: Do I need to purchase another X.509 certificate, this time for the LCS? I've made the Access Proxy a CA but I don't think it'll help. I also tried to export the Access Proxy's cert (with priv key) to the LCS but that didn't fly, either.

Q#2: The Access Proxy is not on the domain, it's on its own workgroup as per suggestions. How do I set up a FQDN for an access proxy on its own local workgroup? I have an external address NAT'ed to the 'public' IP (10.10.1.6) of the Access Proxy, with ports 5060, 5061, 443 opened. Doesn't work. I had an A Record added (im.companyname.com) to our web provider to resolve to the external address, no good.
I'm wondering if my "problem verifying cert from the server" issue is related to this.

Q#3: If the Access Proxy has a certificate from Entrust.com, can I use that for client machines and/or the LCS? Exporting the keys, maybe?

I'll totally admit that SSL Certs are new to me. But I'm stumped, as I usually can learn and configure at the same time, but not this time.

Thanks,

-G.
