AE Services and Communications Server communicate using Transport Layer Security (TLS). For communication to take place, AE Services and Communications Server must exchange signed server certificates each time a TLS session is opened.
If OCS Enterprise edition is in use with an OCS server pool, the certificate should be issued in the name of the pool and must be valid for both Server Authentication and Client Authentication. If a load balancer handles the pool, then the pool name should resolve to the load balancer’s IP address. For example, if the OCS pool is called "ocspool.company.com", and that is the pool that agents and OCS servers use, ocspool.company.com should resolve in DNS to the IP address of the load balancer. Furthermore, the TLS certificate should be issued to ocspool.company.com from the correct authority with the correct company name, etc. Then, this certificate should be put on each of the OCS servers so that they present this ocspool.company.com certificate when creating a secure socket to Application Enablement Services.
Note: If you are using a Microsoft Windows Server 2003 Enterprise Edition Certificate Authority, Appendix D provides a procedure for creating a server certificate template that supports both client authentication and server authentication. For more information see "Appendix D: Certificate template creation for Server Certificates on the Microsoft CA Server".
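One way to check an exported pool certificate against the requirements above before installing it on each OCS server. This is an added example, not part of the original guide: the function names and the self-signed sample certificates are constructed for illustration, it assumes the openssl command-line tool is available, and it matches the pool name against the subject CN only.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Requires the openssl CLI.

# make_sample_cert <out.pem> <cn> <eku-list>
# Builds a constructed, self-signed test certificate (hypothetical helper).
make_sample_cert() {
    cfg=$(mktemp)
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        'x509_extensions=ext' '[dn]' "CN=$2" '[ext]' "extendedKeyUsage=$3" > "$cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$cfg" "$1.key"
}

# check_pool_cert <cert.pem> <pool-fqdn>
# Returns 0 if the certificate is issued to the pool name and carries both
# usages, 1 if a requirement is missing, 2 if the file cannot be parsed.
# Assumption: the pool name is matched against the subject CN only.
check_pool_cert() {
    cert=$1; pool=$2; rc=0
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null) || return 2
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 2
    case "$subject" in
        *"CN=$pool" | *"CN=$pool,"*) ;;
        *) echo "FAIL: not issued to $pool ($subject)"; rc=1 ;;
    esac
    for usage in "TLS Web Server Authentication" "TLS Web Client Authentication"; do
        if ! printf '%s\n' "$text" | grep -q "$usage"; then
            echo "FAIL: missing extended key usage: $usage"; rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $cert is valid for pool $pool"; fi
    return "$rc"
}

# Demo on constructed certificates; one lacks Client Authentication.
demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir/both.pem" ocspool.company.com serverAuth,clientAuth
    make_sample_cert "$dir/server-only.pem" ocspool.company.com serverAuth
    check_pool_cert "$dir/both.pem" ocspool.company.com || true
    check_pool_cert "$dir/server-only.pem" ocspool.company.com || true
    rm -rf "$dir"
}
demo
```

The check covers the certificate only; whether the pool name resolves to the load balancer's IP address has to be confirmed separately against your DNS.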