LCS 2005 Standard to OCS2007R2 Standard: Part 4 LCS Certificates
Ok, TLS is paramount in LCS to OCS communication. I’m not trying to teach you LCS, but if you were like me and once the thing talked 5060 on TCP, you dusted your hands and got on with something else, then you need to review your LCS certificate situation.
First, check and, if need be, reconfigure the LCS certificate you have in use.
The document notes the format for the certificate; I struggled to grasp it initially. Put simply, it needs to be a Web certificate with Subject Name <YourServerName>.domainname.com, with Subject Alternative Name 1 the same as the subject, then 2 as sip.domainname.com, followed by as many sip.<enableddomainnames> entries as you have domains enabled in your LCS install.
The simplest way to do this is using the LCS 2005 resource kit executable LCSCertUtil.exe, which will be in the location you allowed it to install to, typically C:\Program Files\Microsoft LC 2005\ResKit. It makes the whole process so simple. Remember your CA needs to have the format of ‘CAServer\CAServer’.
Now add this to the LCS server: drill down to the pool, go to Properties, Security, Select Certificate and pick the cert you just created. Now go to the General tab and configure your Mutual TLS entry to use the same certificate (if need be, create one; typically this talks on port 5061). Click OK to confirm your changes.
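The name layout described above can be checked before the certificate is relied on for Mutual TLS. The following is an added example, not part of the original post or the LCS resource kit: it takes the subject and SAN entries you read off the certificate and reports where they differ from that layout. The function names and the host and domain names (lcs01.example.com, example.net) are constructed placeholders.

```python
def expected_sans(server_fqdn, enabled_domains):
    """Build the SAN list in the order the post describes."""
    fqdn = server_fqdn.strip().lower()
    _host, _, own_domain = fqdn.partition(".")
    # SAN 1 repeats the subject, SAN 2 is sip.<the server's own domain>.
    names = [fqdn, "sip." + own_domain]
    # Then one sip.<domain> entry per SIP domain enabled in LCS.
    for domain in enabled_domains:
        name = "sip." + domain.strip().lower()
        if name not in names:
            names.append(name)
    return names


def check_lcs_cert(subject_cn, san_dns, server_fqdn, enabled_domains):
    """Return a list of problems; an empty list means the names fit."""
    problems = []
    cn = subject_cn.strip().lower()            # DNS names compare case-insensitively
    sans = [s.strip().lower() for s in san_dns]
    wanted = expected_sans(server_fqdn, enabled_domains)

    if cn != wanted[0]:
        problems.append(f"subject {cn!r} is not the server FQDN {wanted[0]!r}")
    if sans[:1] != [wanted[0]]:
        problems.append("SAN 1 does not repeat the subject name")
    if sans[1:2] != [wanted[1]]:
        problems.append(f"SAN 2 is not {wanted[1]!r}")
    for name in wanted[2:]:
        if name not in sans:
            problems.append(f"missing SAN {name!r} for an enabled SIP domain")
    return problems


if __name__ == "__main__":
    # Constructed sample: a certificate issued with the short host name only.
    for line in check_lcs_cert(
        "lcs01",
        ["sip.example.com"],
        "lcs01.example.com",
        ["example.com", "example.net"],
    ):
        print("FAIL:", line)
```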
Now, the last few blogs have concentrated on putting LCS into peak condition, so it’s ready to go to the next phase of installation.