This article describes how to install and configure certificates on the domain controller and on the server hosting Communicator Web Access (CWA).
A Windows 2003 server running as the domain controller will act as the Certificate Authority (CA), providing extended security by offering support for digital certificates.
Note: A company might opt to use digital certificates issued by a third party instead of creating its own, especially when its users deal with users outside the company, exchange encrypted e-mail messages with those outside users, or use SSL on a secured web site. This is because the outside users might not be willing to trust the company's internal CA.
Step 1: Install IIS Server
1. Click Start, point to Settings, click Control Panel, and then click Add or Remove Programs.
2. Click Add or Remove Windows Components.
3. In the Windows Components Wizard, click Application Server, and then click the Details button. In the details dialog box, select IIS and click OK.
4. Click Next.
5. After the wizard completes the installation, click Finish.
Step 2: Install and Configure Certificate Services on Domain Controller
1. Click Start, point to Settings, click Control Panel, and then click Add or Remove Programs.
2. Click Add or Remove Windows Components.
3. In the Windows Components Wizard, click Certificate Services.
4. On the Microsoft Certificate Services page, click Yes, and then click Next.
5. On the CA Type page, click Enterprise root CA, and then click Next.
6. On the CA Identifying Information page, in the Common name for this CA box, type the fully qualified domain name of the domain controller (like dc.acme.com), and then click Next. (Note: If you have been encountering issues where the FQDN does not match the certificate subject name, clear the text in the Distinguished name suffix box.)
7. On the Certificate Database Settings page, click Next.
8. If prompted, type the full path to the Windows Server 2003 installation folder or CD, and then click Continue.
9. You will be prompted to stop IIS; click Yes. In the Microsoft Certificate Services message, click Yes to enable ASP and IIS.
Step 3: Requesting a Certificate from the Server That Will Host Communicator Web Access
Before installing CWA on the Windows 2003 server, you must request a certificate from the domain controller and install it.
1. On the CWA server, open a web browser, type the URL http://<domaincontroller IP Address>/CertSrv in the address box, and then press Enter.
2. Click Request a certificate.
3. Click Advanced certificate request.
4. Click Create and submit a request to this CA.
5. In the Certificate Template list, select the name of the template that you created for the Office Communications Server 2007 Standard/Enterprise Edition certificates.
6. In the Identifying Information for Offline Template box, type the CWA server's fully qualified domain name.
7. The Mark keys as exportable check box must be checked. Do not proceed unless this check box is selected. If the check box is cleared and is unavailable, you have not duplicated the web server template. You must do this before continuing.
8. In the Key Options area, select the Store certificate in the local computer certificate store check box.
9. Click Submit. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes.
Step 4: Installing the Certificate Received from the Domain Controller
1. The server will now provide the certificate. Click Install this certificate. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes.
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in.
4. In the Add/Remove Snap-in dialog box, click Add.
5. In the list of Available Standalone Snap-ins, click Certificates.
6. Click Add, click Computer account, and then click Next.
7. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is running on) check box is selected, and then click Finish.
8. Click Close, and then click OK.
9. In the left pane of the Certificates console, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and then click Certificates.
10. Confirm that the certificate that you just requested and installed, which contains the FQDN of the CWA server, is located in this folder. If it is not, copy it from the Certificates folder under the Personal folder node, just above.
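
The check in step 10 can also be done from a script. The following is an added example, not part of the original procedure: it assumes PowerShell 2.0 or later is installed on the CWA server, and cwa.example.com is a placeholder for the CWA server's FQDN. It lists every certificate in the Personal and Trusted Root Certification Authorities stores whose subject name is that FQDN, and reports its validity period, private key, and chain status.

```powershell
# Added example: assumes PowerShell 2.0 or later is available on the CWA server.
# $CwaFqdn is a placeholder; pass the CWA server's real FQDN when running the script.
param([string]$CwaFqdn = 'cwa.example.com')

# SimpleName returns the common name (CN) from the certificate subject.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$now = Get-Date

# Stores named in the procedure: Personal (My) and
# Trusted Root Certification Authorities (Root), both for the local computer.
foreach ($store in 'My', 'Root') {
    $found = @(Get-ChildItem "Cert:\LocalMachine\$store" |
        Where-Object { $_.GetNameInfo($nameType, $false) -eq $CwaFqdn })

    if ($found.Count -eq 0) {
        Write-Output "[$store] no certificate with subject name $CwaFqdn"
        continue
    }

    foreach ($cert in $found) {
        # Build the chain with the default chain policy (online revocation checking).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)
        # ChainStatus is empty when the chain builds cleanly.
        $status = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $validNow = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

        Write-Output "[$store] $($cert.Subject)"
        Write-Output "    Issuer        : $($cert.Issuer)"
        Write-Output "    Thumbprint    : $($cert.Thumbprint)"
        Write-Output "    Valid now     : $validNow"
        Write-Output "    Private key   : $($cert.HasPrivateKey)"
        Write-Output "    Chain trusted : $chainOk $status"
    }
}
```

A subject name that differs from the FQDN typed in Step 3 shows up here as "no certificate with subject name", which is the mismatch described in the note under Step 2.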