Mino – The UC Guy

Microsoft Unified Communications Blog

How to install a Public Root CA certificate on Office Communicator 2007 Phone Edition

Posted by Mino on October 7, 2008

What can you do if the Public Certificate you are using on your Edge server(s) is not trusted by Office Communicator 2007 Phone edition? The public certificate is not trusted because its corresponding Root CA certificate is not installed on the device per default. Here I describe how to make Root CA certificates available on the device.

You can use the certutil mechanism to install the Public Root CA certificate. First you download the certificate from the CA’s web site. Then you use the certutil command to publish the certificate to your Active Directory. It will be added as an object under CN=Certification Authorities, CN=Public Key Services, CN=Services, CN=Configuration, DC=<domain>, DC=<tld>. You can add multiple Root CA certificates using this method. The device will download all the certificates found.

After the public Root CA certificate is published you will have to connect the device once to the internal network to get the certificate downloaded. Before you do that you need to reset the device to clear the certificate store, since you need the device to ask for certificates (if you didn’t do this the device would use the currently installed certificate when challenged by your internal OCS servers and not search for them in Active Directory). You reset the device by inserting a paper clip in the small hole on the back between the USB and headset connectors. Afterwards you can connect the device to the Internet and it will connect to the Edge server.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: