Certificates for Enterprise Pools and Standard Edition Servers

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Topic Last Modified: 2016-12-01

Internal Office Communications Server 2007 R2 servers that require certificates include Standard Edition server, Enterprise Edition Front End Server, and Director. The following table shows high-level certificate requirements for internal Office Communications Server servers. Although an internal Enterprise certification authority (CA) is recommended for internal servers, you can also use a public CA. For a list of public CAs that provide certificates that comply with specific requirements for unified communications certificates and have partnered with Microsoft to ensure they work with the Office Communications Server Certificate Wizard, see article Microsoft Knowledge Base 929395, "Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007," at https://go.microsoft.com/fwlink/?LinkId=140898.

The following tables show certificate requirements by server role for Enterprise pools and Standard Edition servers.

Table 1. Certificates for Standard Edition Server Topology

Server role	Recommended CA	Subject Name/ Common Name	Subject Alternate Name	Comments
All server roles (which are collocated)	Enterprise CA	FQDN of the Standard Edition server	If you have multiple SIP domains and have enabled automatic client configuration, the certificate wizard detects and adds each supported SIP domain FQDNs.	The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name. Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Components Server.

Table 2. Certificates for Enterprise Pool: Consolidated Server Topology

Server role	Recommended CA	Subject Name/ Common Name	Subject Alternate Name	Comments
All server roles (which are collocated)	Enterprise CA	FQDN of the pool For the Web Components Server role, the certificate must have the URL of the internal Web farm in the SN or Subject Alternate Name.	If you have multiple SIP domains and have enabled automatic client configuration, the wizard detects the SIP domains, adds them to the Subject Alternate Name, and then adds each supported SIP domain FQDN. For the Web Components Server role, the certificate must have the URL of the internal Web farm in the Subject Alternate Name (if the FQDN is different from the pool FQDN).	The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name. The certificate must be installed on each server in the pool. Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Components Server.

Table 3. Certificates for Director, Standard Edition Topology

Server role	Recommended CA	Subject Name/ Common Name	Subject Alternate Name	Comments
Director	Enterprise CA	FQDN of the Standard Edition server	If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN.	The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name.

Table 4. Certificates for Director, Enterprise Pool Topology

Server role	Recommended CA	Subject Name/ Common Name	Subject Alternate Name	Comments
Director	Enterprise CA	FQDN of the pool	If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN.	The wizard detects any SIP domains you specified during setup and automatically adds them to the Subject Alternate Name.