Requesting a Certificate

Topic Last Modified: 2009-01-25

This section describes the procedures for requesting a certificate from a public certification authority (CA). If you need to generate an offline request or you are using a public CA, use the following set of instructions to request and process the certificate.

To request the certificate

  1. On the server on which you have installed Office Communications Server, click Start, click Programs, click Administrative Tools, and then click Office Communications Server 2007 R2.

  2. In the snap-in, expand the nodes until you reach the Enterprise Edition server or Standard Edition server that you installed.

  3. Right-click the server name, and then click Certificates.

  4. On the Welcome to the Certificate Wizard page, click Next.

  5. On the Available Certificate Tasks page, click Create a new certificate, and then click Next.

  6. On the Delayed or Immediate Request page, click Prepare the request now, but send it later, and then click Next.

  7. On the Name and Security Settings page, do the following:

    • Under Name, type a meaningful name for the certificate that this server will use for Office Communications Server communications. For example, you can use the pool fully qualified domain name (FQDN) or the server name as the certificate name.

    • Under Bit length, select the bit length that you want to use for encryption.

      Note

      A higher bit length is more secure, but it can degrade performance.

    • Clear the Mark cert as exportable check box.

  8. Click Next.

  9. On the Organization Information page, type or select the name of your organization or organizational unit, and then click Next.

  10. On the Your Server’s Subject Name page, do the following:

    • Click Subject name, and then type the FQDN of the pool.

    • In Subject Alternate Name, verify that the required entries exist. Optionally, click Subject Alternate Name, and then type any alternate names that identify the pool during authentication.

      Note

      Subject alternate names (SANs) are required on your server for each supported Session Initiation Protocol (SIP) domain in the format sip.<domain> if all of the following are true:

      • Your organization supports multiple SIP domains.
      • Clients are using automatic configuration.
      • This pool is used to authenticate and redirect client sign in or this is the first Standard Edition server to which clients connect.

      If you selected the option to configure clients for automatic sign-in or selected the Enterprise Edition server option to configure this pool to redirect sign-in requests when you ran Configure Pool Wizard, the certificate wizard automatically adds these SIP domains to the certificate request.

    • To include the local computer name on the list of alternate names that identify the pool during authentication, select the Automatically add local machine name to the Subject Alt Name check box.

  11. On the Geographical Information page, enter the Country/Region, State/Province and City/Locality (do not use abbreviations), and then click Next.

  12. On the Certificate Request File Name page, click Browse, choose a location, type a File name (with a .txt extension) for the certificate request, and then click Save.

  13. Verify the path and file name of the certificate request file in the File name box, and then click Next.

  14. On the Request Summary page, review the request information, and then click Next.

  15. Click Finish.
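
Before you send the saved request file to the public CA, you can confirm that it carries the subject name from step 10 and a sip.<domain> entry for every supported SIP domain. The following script is an added example, not part of the original procedure: it assumes the request file is a base64 PKCS#10 request, that OpenSSL is available on the workstation where you run it, and it uses constructed example.com and example.net names and hypothetical function names.

```sh
# Added example. Assumes a base64 PKCS#10 request file and OpenSSL on the PATH.
# All example.com / example.net names and the function names are constructed.

# csr_cn FILE: print the subject common name of the request.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p'
}

# csr_sans FILE: print each DNS subject alternative name, one per line.
csr_sans() {
  openssl req -in "$1" -noout -text 2>/dev/null |
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# check_csr FILE POOL_FQDN SIP_DOMAIN...
# Prints one line per problem and returns the number of problems found.
check_csr() {
  csr=$1; pool=$2; problems=0
  shift 2
  openssl req -in "$csr" -noout 2>/dev/null || { echo "cannot parse $csr"; return 1; }
  if [ "$(csr_cn "$csr")" != "$pool" ]; then
    echo "subject name is not $pool"; problems=$((problems + 1))
  fi
  sans=$(csr_sans "$csr")
  for d in "$@"; do
    # -i: DNS names are case-insensitive; -x -F: whole-line literal match
    if ! printf '%s\n' "$sans" | grep -qixF "sip.$d"; then
      echo "missing SAN sip.$d"; problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# make_sample_csr OUT SAN_LIST: constructed stand-in for the wizard's output.
make_sample_csr() {
  cfg=$(mktemp)
  printf '%s\n' '[req]' 'distinguished_name = dn' 'req_extensions = ext' \
    'prompt = no' '[dn]' 'CN = pool01.example.com' '[ext]' \
    "subjectAltName = $2" >"$cfg"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$cfg.key" \
    -config "$cfg" -out "$1" 2>/dev/null
  rm -f "$cfg" "$cfg.key"
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/req.txt" 'DNS:pool01.example.com,DNS:sip.example.com'
check_csr "$tmp/req.txt" pool01.example.com example.com example.net ||
  echo "do not submit yet: fix the request in the wizard first"
```

To check a real request, call `check_csr` with the path you chose in step 12, the pool FQDN, and your SIP domains in place of the constructed sample.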