Prepare for Edge Server Internal Certificates

Topic Last Modified: 2009-01-23

Each Edge Server must have a certificate for mutual TLS (MTLS) communication with internal servers.

To set up a certificate on the internal interface of Edge Servers at one site, follow these steps:

  • Step 1: Download the certification authority (CA) certification path for the internal interface to each Edge Server. This step can be performed now, and the instructions are in this topic.

    Note

    Steps 2 through 8 are performed during the Edge Server installation process. For more details about these steps, see Set Up Certificates for the Internal Interface.

  • Step 2: Import the CA certification path for the internal interface, on each Edge Server.

  • Step 3: Verify that the CA is in the list of trusted root CAs, on each Edge Server.

  • Step 4: Create the certificate request for the internal interface, on one Edge Server, called the first Edge Server.

  • Step 5: Import the certificate for the internal interface on the first Edge Server.

  • Step 6: Export the certificate, using the first Edge Server.

  • Step 7: Import the certificate on the other Edge Servers at this site (or deployed behind this load balancer).

  • Step 8: Assign the certificate for the internal interface of every Edge Server.

To download the CA certification path for the internal interface

  1. With your Enterprise root CA offline and your Enterprise subordinate (that is, issuing) CA Server online, log on to an Office Communications Server 2007 R2 server in the internal network (that is, not the Edge Server) as a member of the Administrators group.

  2. Click Start, click Run, type https://<name of your Issuing CA Server>/certsrv (if you are using Windows Server 2008) or http://<name of your Issuing CA Server>/certsrv (for Windows Server 2003), and then click OK.

  3. Under Select a task, click Download a CA certificate, certificate chain, or CRL.

  4. Under Download a CA Certificate, Certificate Chain, or CRL, click Download CA certificate chain.

  5. In the File Download dialog box, click Save.

  6. Save the .p7b file to the hard drive on the server, and then copy it to a folder on each Edge Server.

    Note

    The .p7b file contains all of the certificates that are in the certification path. To view the certification path, open the server certificate and click the certification path.
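The following PowerShell check is an added example, not part of the original topic. It inspects the saved .p7b file before it is copied to the Edge Servers, which matters most when the chain was fetched over the http:// URL in step 2. It assumes a hypothetical file path and a root CA thumbprint obtained out of band from the CA owner; both are placeholders.

```powershell
# Added example. Both parameter defaults are placeholders, not values from this topic.
param(
    [string]$ChainPath = 'C:\Temp\ca-chain.p7b',                  # hypothetical path to the saved .p7b
    [string]$ExpectedRootThumbprint = '<ROOT-CA-SHA1-THUMBPRINT>' # obtained out of band from the CA owner
)

# X509Certificate2Collection.Import() reads PKCS #7 (.p7b) containers.
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($ChainPath)
if ($certs.Count -eq 0) { throw "No certificates found in $ChainPath" }

$now      = Get-Date
$subjects = @($certs | ForEach-Object { $_.Subject })
$roots    = @()
$problems = @()

foreach ($c in $certs) {
    # Heuristic: a root CA certificate is self-issued (Subject equals Issuer).
    # Every other certificate needs its issuer in the same file, or the path is incomplete.
    if ($c.Subject -eq $c.Issuer) {
        $roots += $c
    } elseif ($subjects -notcontains $c.Issuer) {
        $problems += "Issuer missing from file for: $($c.Subject)"
    }

    if ($now -lt $c.NotBefore -or $now -gt $c.NotAfter) {
        $problems += "Outside validity period: $($c.Subject)"
    }
}

# Show what is about to be trusted on the Edge Servers.
$certs | Select-Object Subject, Issuer, Thumbprint, NotBefore, NotAfter | Format-List

if ($roots.Count -ne 1) {
    $problems += "Expected exactly one root CA certificate, found $($roots.Count)"
} else {
    # Thumbprints are compared without spaces and in upper case.
    $expected = ($ExpectedRootThumbprint -replace '\s', '').ToUpper()
    if ($roots[0].Thumbprint -ne $expected) {
        $problems += "Root thumbprint $($roots[0].Thumbprint) does not match the expected value"
    }
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Chain file OK: $($certs.Count) certificate(s), root thumbprint matches."
```

Running the same script against the copy on each Edge Server confirms that the file arrived unchanged before it is imported.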