Enterprise Instant Messaging (Microsoft Unified Communications, IBM Sametime, Jabber)

Comprehensive Instant Messaging information resource for enterprise IT professionals

Configuring Certificates for Communicator Web Access

This article describes how to install and configure certificates on the domain controller and on the server hosting Communicator Web Access.

A Windows 2003 server running as the domain controller will act as the Certificate Authority (also known as CA), providing extended security through support for digital certificates.

Note: There may be scenarios where a company might opt to use 3rd party issued Digital Certificates instead of creating their own, especially when that company's users will be dealing with out-of-the-company users, exchanging encrypted e-mail messages between themselves and these outside users, or when using SSL on a secured web site. This is because the outside users might not be willing to trust the company's internal CA.

Step1: Install IIS Server
    1. Click Start, point to Settings, click Control Panel, and then click Add or Remove Programs.
    2. Click Add or Remove Windows Components.
    3. In the Windows Components Wizard, click Application Server, and then click the Details button. In the details dialog box, select IIS and click OK.
    4. Click Next.
    5. After the wizard completes the installation, click Finish.

Step2: Install and Configure Certificate Services on Domain Controller
    1. Click Start, point to Settings, click Control Panel, and then click Add or Remove Programs.
    2. Click Add or Remove Windows Components.
    3. In the Windows Components Wizard, click Certificate Services.
    4. On the Microsoft Certificate Services page, click Yes, and then click Next.
    5. On the CA Type page, click Enterprise root CA, and then click Next.
    6. On the CA Identifying Information page, in the Common name for this CA box, type the fully qualified domain name of the domain controller (for example, dc.acme.com), and then click Next. (Note: If you encounter issues such as the FQDN not matching the certificate subject name, clear the text in the Distinguished name suffix box.)
    7. On the Certificate Database Settings page, click Next.
    8. If prompted, type the full path to the Windows Server 2003 installation folder or CD, and then click Continue.
    9. When prompted to stop IIS, click Yes. In the Microsoft Certificate Services message, click Yes to enable ASP and IIS.

Step3: Requesting Certificate from server which will be hosting Communicator Web Access
    Before installing CWA on the Windows 2003 server, you must request a certificate from the domain controller and install it.
    1. On the CWA server, open a web browser and, in the address box, type the URL http://<domaincontroller IP Address>/CertSrv, and then press Enter.
    2. Click Request a certificate.
    3. Click Advanced certificate request.
    4. Click Create and submit a request to this CA.
    5. In the Certificate Template list, select the name of the template that you created for the Office Communications Server 2007 Standard/Enterprise Edition certificates.
    6. In the Identifying Information for Offline Template box, type the CWA server's fully qualified domain name.
    7. The Mark keys as exportable check box must be checked. Do not proceed unless this check box is selected. If the check box is cleared and is unavailable, you have not duplicated the web server template. You must do this before continuing.
    8. In the Key Options area, select the Store certificate in the local computer certificate store check box.
    9. Click Submit. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes.

Step4: Installing the Certificate received from Domain controller
    1. The server will now provide the certificate. Click Install this certificate. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes.
    2. Click Start, click Run, type mmc, and then click OK.
    3. On the File menu, click Add/Remove Snap-in.
    4. In the Add/Remove Snap-in dialog box, click Add.
    5. In the list of Available Standalone Snap-ins, click Certificates.
    6. Click Add, Click Computer account, and then click Next.
    7. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is running on) check box is selected, and then click Finish.
    8. Click Close, and then click OK.
    9. In the left pane of the Certificates console, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and then click Certificates.
    10. Confirm that the certificate that you just requested and installed, and that contains the FQDN of the CWA server, is located in this folder. If it is not, copy it from the Certificates folder under the Personal folder node, just above.
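
The following is an added example, not part of the original article: a PowerShell check, run on the CWA server after Step 4, that the issued certificate sits in the local computer's Personal store with the CWA FQDN as its subject, has a private key, allows Server Authentication, and chains to a root the server trusts. It assumes Windows PowerShell 2.0 or later; `cwa.example.com` is a placeholder FQDN.

```powershell
# Added example: post-install checks for the CWA server certificate.
# cwa.example.com is a placeholder FQDN, not a value from the article.
param([string]$CwaFqdn = 'cwa.example.com')

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# "Store certificate in the local computer certificate store" puts it in Personal (My).
$cnPattern = "CN=$([regex]::Escape($CwaFqdn))(,|$)"
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $cnPattern })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with CN=$CwaFqdn in LocalMachine\My"
}

foreach ($cert in $certs) {
    # No EKU extension means the certificate is not restricted to specific uses.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0)

    # Build the chain; this fails if the issuing CA is not trusted on this server.
    # Revocation is checked online by default, so an unreachable CRL also shows up here.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # The article requires "Mark keys as exportable"; report what was actually set.
    # Readable only for CSP-backed RSA keys; left $null otherwise.
    $exportable = $null
    try {
        $key = $cert.PrivateKey
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $exportable = $key.CspKeyContainerInfo.Exportable
        }
    } catch { }

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyExportable = $exportable
        ServerAuthEku = $serverAuth
        ChainTrusted  = $chainOk
        ChainStatus   = $chainStatus
    }
}
```

An empty ChainStatus with ChainTrusted set to True means the enterprise root CA from Step 2 is trusted on the CWA server.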

Posted on Wednesday, May 30, 2007 7:54 PM