![]() |
If you are using a Microsoft Windows Server 2003 Enterprise Edition Certificate Authority, you can use the procedure in this appendix to create a server certificate template that supports both client authentication and server authentication.
The server certificates exchanged between AE Services and Microsoft configurations (either Live Communications Server 2005 or Microsoft Office Communications Server 2007) must support both client authentication and server authentication.
This appendix applies to exclusively configurations that use a Certification Authority on Microsoft Windows Server 2003 R2 Enterprise Edition Service Pack 2. That is, it is not applicable to the procedures for administering certificates in Chapter 2 or Chapter 3 of this document.
![]() | Important |
If OCS Enterprise edition is in use with an OCS server pool, the certificate should be issued in the name of the pool and must have both Server Authentication and Client Authentication. If a load balancer handles the pool, then the pool name should resolve to the load balancer’s IP address. For example, if the OCS pool is called ocspool.company.com, and that is the pool that agents and OCS servers use, the DNS resolution of ocspool.company.com should be the IP address of the load balancer. Furthermore, the TLS certificate should be issued to ocspool.company.com from the correct authority with the correct company name, etc. Then, this certificate should be put on each of the OCS servers so that they pass this ocspool.company.com certificate when creating a secure socket to Application Enablement Services. |