I have an Office Communications Server 2007 and an OpenSSL CA (which is actually managed by a different group).
Using the OCS Certificate Wizard I have been generating requests, but the Certificates I get back, while importing into the server without issue, are not trusted by the Communicator clients. I get the error "There was a problem verifying the certificate from the server. Please contact your System Administrator." This error also appears in the Application Log: Event Type: Error Event Source: Communicator Event Category: None Event ID: 5 Date: 1/15/2010 Time: 3:45:30 PM User: N/A Computer: workstation Description: Communicator could not connect securely to server servername.subdomain.domain.com because the certificate presented by the server was not trusted due to validation error 0x80ee0065. The issuing certificate authority (CA) for the server's certificate may not be locally trusted by the client, the certificate may be revoked, or the certificate may have expired. Resolution: A tool like winerror.exe from the Windows Resource Kit or lcserror.exe from the Office Communications Server Resource Kit can be used in order to interpret the error code listed above. If you trust the server certificate, the issuing certificate authority (CA) certificate can be placed in the local trusted root certificate authorities certificate store. If you have logged into the server before without issues the network administrator should carefully examine the certificate if no known configuration changes have been made. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Now I have verified that this CA's certificate appears in the Trust Root Certification Authorities of the OCS server (and the workstation). So I guess my question would be, is anybody else out there using OpenSSL to generate certificates for OCS 2007? Do I need to generate them in a different way (other than the OCS Cert Wizard) or do they need to be submitted to the OpenSSL CA in a special way? Just looking for some guidance as this has been a roadblock for a while now. Thank you very much for you time, Michael Rausch ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
