Creating and assigning certificates on OCS 2007 R2 Edge Server

By -

Creating and assigning certificates on OCS 2007 R2 Edge Server

So you now need to install certificates on the Edge server.

The following is the correct method to do the following.

In my scenario I have a server with 2 NICs -

Internal: 192.168.41.200

External: 87.219.43.22

***********

Internal CA for the following Certificates:

  • - A/V Edge Server role
  • - Internal Connection

Public Certificates for the following roles:

  • - Access Edge (SIP)
  • - Web Conferencing Role

Internal Certificates can be created from this and should be done on the ROOT CA SERVER (as your edge server is not on the domain):

  • · select “Create a new certificate”
  • · Choose which Interface you will create for (Internal or A/V for these)
  • · Prepare the request, and send immediately
  • · Name: Logical name for your interface, use DNS name, also ensure Include client EKU is ticked
  • · Fill in owner details
  • · Choose subject name (FQDN of DNS entry for interface role)
  • · Fill in regional details
  • · Cert is now created.
  • · NOW On the EDGE SERVER, copy the cert across to a local drive and then you should import this to “Personal” certificate store on local edge server machine and also the CA root certificate for your Internal CA in trusted root authorities.

For external certificates you need to do the following on the EDGE SERVER (This must be done on this server as the public key is stored on the server the request is made from):
  • · Under the Step 4: Configure Certificates for the Edge Server in the Edge Server rollout.
  • · select “Create a new certificate”
  • · Choose which Interface you will create for (Webconf or Access edge for these)
  • · Prepare the request, and send later (offline)
  • · Name: Logical name for your interface, use DNS name, also ensure Include client EKU is ticked
  • · Fill in owner details
  • · Choose subject name (FQDN of DNS entry for interface role)
  • · Fill in regional details
  • · Cert CSR is now created in a .txt file
  • · Take the contents of this .txt file and paste it into a request with your chosen SSL cert provider. We choose godaddy.com (€15 certs!!!)
  • · With godaddy.com we received a .crt file in return. Change the extension of this file to .cer
  • · Go to the Edge Server Certificate Step 4 once again and process offline or pending certificate.
  • · When this is done you can now assign the certificate using the same step 4.

NOTE: You must do this work for the public cert on the edge server itself as when you create the CSR it keeps the only copy of the public key on the machine itself. When you assign the .cer file from this machine it automatically picks up the public key (EKU).

You should not be up and running with your edge server and ready for firewall rules.

Comments

Post a Comment

Popular posts from this blog

Teams Device Health Monitoring and Reporting

By -
Image
 Microsoft have snuck in a nice new feature into the Teams Admin Center (TAC). We now see a new Notifications and Alerts  menu tree and below this Rules. When we go in here, we find only a single Default  Device State Rule with no option to create any new rules (yet at least...) When we edit this rule, we can see that we now have an option to monitor specific devices (think meeting room devices, collaboration bars etc.. here) Under Device users  we click on +ADD  then enter the name of the account, or accounts if you are monitoring multiple devices, associated with the device, such as the resource account. Then under Actions  we can choose either Channel alert  - to have a nice alert sent to our Teams Channel   OR Webhook  to use webhooks for alerting. Finally ensure to select Active  then Save. Once set up this will take maybe 15 mins to replicate and set up. Then once a device has gone offline, the alert will be sent "Immediately", how...
Read more

Unassigned Numbers in Microsoft Teams using Audiocodes SBC

By -
Image
Unlike Skype for Business, Microsoft Teams does not natively support the handling of Unassigned numbers in the system. So if someone leaves your organisation and you remove the number from them and someone tries to call it, the call will drop. Technically, Teams will return a "404 Not Found" back to the SBC and back on to the telco. What we can do here is to then assign the 404 error to a Route, change the Destination Number (to a call queue or to your main Reception number for example) and route it back to Teams. To do this there are a few simple steps: Step 1 – Create an Alternative Reasons Set Step 2 – Configure existing Teams IP Group to use the SBC Alternative Routing Reason Set Step 3 - Create new IPG Step 4 – Create a new route in IP-to-IP Routing Step 5 - Manipulate Numbers Step 6 – Test  Step 1 – Create an Alternative Reasons Set The first thing we need to do is create an " Alternative Routing Set ", we find this under Setup >> Signaling & Media ...
Read more

Skype for Business Edge Server replication troubleshooter

By -
Image
Many times in Skype for Business/Lync the main issue I come across is the deployment is that the edge server(s) fails to replicate. We see this when we run the command in Skype for Business Management Shell : Get-CsManagementStoreReplicationStatus and we see that the edge servers have False and no LastStatusReport or ProductVersion is shown as below. There are a number of things which can cause this and I am going to list them here. Try them in order here as this will contain the most common to the least common issues I found. Ø   Routing Ø   Firewall rules Ø   DNS suffix Ø   DNS (Local and LAN) Ø   Registry entries for SCHANNEL Ø   Certificates A check we can use to see if the replication is working can be done by trying to connect to the following URL from the Front End Server whish hosts the CMS: https://edgeinternalfqdn.domain.ie:4443/Replicationwebservice You should get the following screen: Without thi...
Read more