Step 3: Configure Certificate

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Each QoE Monitoring Server requires a certificate in order to use MTLS (TLS with mutual authentication). All Office Communications Server roles use MTLS to communicate with each server.

You can use the Certificates Wizard on a QoE Monitoring Server to do the following:

  • Request, create, and assign a new Web certificate with enhanced key usage for server authentication.

  • Assign an existing certificate.

To configure a new certificate

  1. In the Deployment Wizard, under Step 3: Configure Certificate, click Run.

  2. On the Welcome to the Certificate Wizard page, click Next.

  3. On the Available Certificate Tasks page, click Create a new certificate, and then click Next.

  4. On the Delayed or Immediate Request page, click Send the request immediately to an online certification authority, and then click Next.

  5. On the Name and Security Settings page, do the following:

    • Under Name, enter a meaningful name for the certificate that this server will use for Office Communications Server communications.

    • Under Bit length, select the bit length that you want to use for encryption. A higher bit length is more secure, but it can degrade performance.

    • Clear the Mark cert as exportable check box.

  6. When you are finished, click Next.

  7. On the Organization Information page, type or select the name of your organization and organizational unit, and then click Next.

  8. On the Your Servers Subject Name page, do the following:

    • In Subject Name, verify that the server FQDN is displayed.

    • Optionally, click Subject Alternate Name, and then type any alternate names that will identify the server during authentication.

      Note

      If either of the following is true, you must configure a certificate Subject Alternate Name:

        • If the name of your SIP domain is different from that of the Active Directory domain, add the FQDN of the SIP domain as the Subject Alternate Name.

        • If the internal FQDN that you plan to use for the Web Components Server is different from the external FQDN and you plan to configure the reverse proxy in the perimeter network for tunneling, add the external FQDN as the Subject Alternate Name.

    • When you are finished, click Next.

  9. On the Geographical Information page, enter the Country/Region, State/Province, and City/Locality. Do not use abbreviations. When you are finished, click Next.

  10. On the Choose a Certification Authority page, do one of the following:

    • Click Select a certificate authority from the list detected in your environment, and then click your certification authority (CA) in the list.

    • Click Specify the certificate authority that will be used to request this certificate, and then type the name of your CA in the box. If you type an external CA name, a dialog box appears. Type the user name and password for the external CA, and then click OK.

  11. When you are finished, click Next.

  12. On the Request Summary page, review the settings that you specified, and then click Next.

  13. On the Certificates Wizard completed successfully page, click Assign.

  14. A dialog box appears and informs you that the settings were applied successfully. Click OK.

  15. Click Finish.

To configure an existing certificate

  1. In the Deployment Wizard, at Step 3: Configure Certificate, click Run.

  2. On the Welcome to the Certificate Wizard page, click Next.

  3. On the Available Certificate Tasks page, click Assign an existing certificate, and then click Next.

  4. On the Available Certificates page, select a certificate, and then click Next.

  5. On the Configure the Certificate(s) of your Server page, click Next.

  6. When the wizard has completed, click Finish.
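
After either procedure, you can confirm that the certificate has the properties that the steps above call for: the server FQDN as subject name, the server authentication enhanced key usage, any required Subject Alternate Names, and a private key that is not marked exportable. The script below is an added example, not part of the original procedure or of Office Communications Server. It assumes Windows PowerShell 3.0 or later, that the certificate is in the local computer Personal store, and placeholder values for the FQDN, the alternate names, and the minimum key size.

```powershell
# Added example: audit certificates in the local computer Personal store (assumed location).
# Placeholder values (assumptions): replace with the names used in your deployment.
$ExpectedFqdn = 'qoe01.contoso.example'
$ExpectedSans = @()      # for example the SIP domain FQDN or the external Web Components FQDN
$MinKeyBits   = 2048     # assumed policy value; the procedure does not prescribe one

function Test-QoeCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Fqdn, [string[]]$Sans, [int]$MinBits
    )
    # Subject common name, to compare with the server FQDN
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Cert.GetNameInfo($nameType, $false)

    # Enhanced key usage (2.5.29.37) must include Server Authentication (1.3.6.1.5.5.7.3.1)
    $serverAuth = $false
    $ekuExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } | Select-Object -First 1
    if ($ekuExt) {
        $eku = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension -ArgumentList $ekuExt, $ekuExt.Critical
        $serverAuth = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.1'
    }

    # Subject Alternate Names (2.5.29.17); Format() returns "label=value, label=value"
    $sanNames = @()
    $sanExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | Select-Object -First 1
    if ($sanExt) {
        $sanNames = @($sanExt.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
    }
    $missing = @($Sans | Where-Object { $sanNames -notcontains $_ })

    # Key size and exportability; both stay unset if the key type cannot be inspected
    $bits = 0
    $exportable = $null
    try { $bits = $Cert.PublicKey.Key.KeySize } catch { }
    try { $exportable = $Cert.PrivateKey.CspKeyContainerInfo.Exportable } catch { }

    [pscustomobject]@{
        Thumbprint       = $Cert.Thumbprint
        SubjectIsFqdn    = ($cn -eq $Fqdn)
        ServerAuthEku    = $serverAuth
        MissingSans      = ($missing -join ', ')
        KeyBitsOk        = ($bits -ge $MinBits)
        KeyNonExportable = ($exportable -eq $false)   # False also when the key could not be read
        NotExpired       = ($Cert.NotAfter -gt (Get-Date))
    }
}

Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Test-QoeCertificate -Cert $_ -Fqdn $ExpectedFqdn -Sans $ExpectedSans -MinBits $MinKeyBits } |
    Format-Table -AutoSize
```

Run it from an elevated session so that the private key properties can be read. For the certificate you assigned, every column should read True and MissingSans should be empty.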