Installing a Web Server Certificate for Communicator Web Access

Topic Last Modified: 2009-08-06

After you download and install the certificate chain, you are ready to request and install the Web Server certificate on the Communicator Web Access (2007 R2 release) server. To ensure that you obtain the correct certificate, and to ensure that this certificate is placed in the correct certificate store on the Communicator Web Access computer, you should request your Web Server certificate by using the LcsCmd.exe command-line tool.

The parameters required when requesting a certificate for Communicator Web Access are detailed in the following table.

| Parameter | Sample Value | Description |
| --- | --- | --- |
| /Cert | None | Indicates you want to work with certificates. |
| /Action | Request | Indicates that you want to request a new certificate. |
| /sn | im.contoso.com | Subject name for the certificate. This will typically be the URL for the Communicator Web Access Web site. |
| /san | im.contoso.com,download.im.contoso.com,as.im.contoso.com,cwaserver.contoso.com | Subject alternative name, with individual entries separated by using a comma. The subject alternative name should always include the following: the host name of the Communicator Web Access site (im.contoso.com); the as Domain Name System (DNS) record; the download DNS record; and the fully qualified domain name (FQDN) of the computer where the certificate will be installed (for example, cwaserver.contoso.com). For details about the as and download records, see Configuring Communicator Web Access DNS Records. |
| /ca | ca-server.contoso.com | The fully qualified domain name (FQDN) of the certification authority (CA). |
| /ou | OCSServers | The Active Directory organizational unit (OU) where the computer account is located. |
| /org | Contoso | The organization that the computer belongs to. |
| /country | US | The country where the computer is located. You must use a two-letter country abbreviation. |
| /city | Redmond | The city where the computer is located. |
| /state | WA | For the United States and Canada, the state/province where the computer is located. You must use a two-letter abbreviation. |
| /friendlyName | CWA_Certificate | A “nickname” that makes it easy to identify the certificate. Without a friendly name, the certificate will use the fully qualified domain name of the computer. As a result, you could end up with multiple certificates named cwaserver.contoso.com, making it difficult to determine which certificate is which. |
| /exportable | TRUE | Indicates that the certificate can be exported. This means that you can make a copy of the certificate, either as a backup, or for use on another computer. |

To request a Web Server certificate from a Windows Server CA

  1. On the computer where Communicator Web Access is to be installed, click Start, and then click Run.

  2. In the Run dialog box, type cmd, and then click OK.

  3. At the command prompt, type the path to the root folder on the Office Communications Server 2007 R2 CD, and then press ENTER. For example, if your CD drive is drive F, you would type the following:

    cd f:\

  4. If you are logged on to the computer as an administrator, type the following command to request the Web Server certificate (be sure to substitute your actual parameter values for the sample values shown here). Type the entire command on a single line, with no spaces inside the /san value, as follows:

    LcsCmd.exe /Cert /Action:Request /sn:im.contoso.com /san:im.contoso.com,download.im.contoso.com,as.im.contoso.com,cwaserver.contoso.com /ca:ca-server.contoso.com /OU:OCSServers /org:Contoso /country:US /city:Redmond /state:WA /friendlyName:CWA_Certificate /exportable:TRUE

To verify installation of the Web Server certificate

  1. On the Communicator Web Access server, click Start, and then click Run.

  2. In the Run dialog box, type mmc, and then click OK.

  3. On the File menu, click Add/Remove Snap-in.

  4. In the Add/Remove Snap-in dialog box, click Add.

  5. In the list of Available Standalone Snap-ins, click Certificates.

  6. Click Add.

  7. In the Certificates Snap-in dialog box, click Computer account, and then click Next.

  8. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is running on) check box is selected, and then click Finish.

  9. Click Close, and then click OK.

  10. In the left pane of the Certificates console, expand Certificates (Local Computer), expand the Personal folder, and then click Certificates.

  11. Confirm that the certificate is located in this folder.
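
The same check can be made from a PowerShell prompt, which also confirms that the subject alternative name carries every entry the parameter table calls for. This is an added example, not part of the original topic; the friendly name and host names are the sample values used on this page, and the script assumes an English-language Windows installation (the "DNS Name=" label in the formatted extension is localized).

```powershell
# Added example: sample values from this page; replace them with your own.
$friendlyName  = 'CWA_Certificate'
$requiredNames = 'im.contoso.com', 'download.im.contoso.com',
                 'as.im.contoso.com', 'cwaserver.contoso.com'

# Personal store of the computer account: the folder opened in the MMC steps above.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
           Where-Object { $_.FriendlyName -eq $friendlyName })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with friendly name '$friendlyName' in LocalMachine\My."
    return
}

foreach ($cert in $certs) {
    # Subject Alternative Name extension (OID 2.5.29.17), rendered as one line of text.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = ''
    if ($sanExt) { $sanText = $sanExt.Format($false) }

    # Pull the DNS entries out of "DNS Name=a, DNS Name=b, ..." (English label assumed).
    $dnsNames = @([regex]::Matches($sanText, 'DNS Name=([^,\s]+)') |
                  ForEach-Object { $_.Groups[1].Value.ToLower() })

    # Required entries that the issued certificate does not contain.
    $missing = @($requiredNames | Where-Object { $dnsNames -notcontains $_.ToLower() })

    New-Object PSObject -Property @{
        Thumbprint        = $cert.Thumbprint
        Subject           = $cert.Subject
        NotAfter          = $cert.NotAfter
        HasPrivateKey     = $cert.HasPrivateKey
        MissingSanEntries = ($missing -join ', ')
    } | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey, MissingSanEntries
}
```

An empty MissingSanEntries value and HasPrivateKey set to True indicate that the certificate matches the request described above.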