Friday 26 June 2009

OCS 2007 R2: The absolute importance of correct SSL certificate generation and configuration: Synchronizing the Address Book

Are you getting Address Book errors like this?

The likelihood is that you have SSL certificate configuration issues, either with the generation of the certificate, the configuration of the certificate, or the validation checking of the certificate.

Most internal deployments will use an internal CA if one is available. If you are using this method, here are the three steps to check:

1. Ensure you install the certificate chain when configuring your certificate through the OCS 2007 R2 Deployment Wizard; this will be a P7B file. Ensure you download it in DER format and not Base64 encoded, otherwise the Wizard will complain that the certificate is corrupt.

2. Check that all clients can locate the CRL URL of the certificate presented to them so they can check its validity:

You can check the URL in a browser window:

3. Ensure you have performed the manual step of configuring IIS7 to use the certificate. The Address Book URL is reached over SSL only, so IIS must support this method.
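A client-side check covering steps 2 and 3, as an added PowerShell example that is not from the original post: it fetches the certificate the server presents over SSL, tries each HTTP CRL URL listed in it, and then builds the chain with online revocation checking. The host name `pool01.example.local` is a placeholder assumption; substitute the FQDN your clients use for the Address Book URL.

```powershell
# Added example; run from a client PC. The host name is a placeholder (assumption).
param([string]$PoolFqdn = 'pool01.example.local', [int]$Port = 443)

# Fetch the certificate IIS presents. The callback accepts any certificate on
# purpose: we only want the object here and validate it explicitly below.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$tcp = New-Object System.Net.Sockets.TcpClient($PoolFqdn, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($PoolFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $ssl.Dispose(); $tcp.Close()
}
"Server presented: $($cert.Subject) (issuer: $($cert.Issuer))"

# Step 2: read the CRL Distribution Points extension (OID 2.5.29.31) and try
# to download every HTTP URL in it. Assumes Windows' text rendering, "URL=...".
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) {
    Write-Warning 'No CRL Distribution Points extension in this certificate.'
} else {
    $web = New-Object System.Net.WebClient
    $web.UseDefaultCredentials = $true
    foreach ($m in [regex]::Matches($cdp.Format($true), 'URL=(\S+)')) {
        $url = $m.Groups[1].Value
        if ($url -notmatch '^https?://') { "SKIPPED $url (not HTTP, check by hand)"; continue }
        try { $n = $web.DownloadData($url).Length; "OK      $url ($n bytes)" }
        catch { "FAILED  $url : $($_.Exception.Message)" }
    }
}

# Build the chain from this client's certificate stores with online revocation
# checking; this fails when the issuing CA is not trusted or a CRL cannot be fetched.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
if ($chain.Build($cert)) {
    'Chain and revocation check: OK'
} else {
    $chain.ChainStatus | ForEach-Object { "Chain problem: $($_.Status) - $($_.StatusInformation.Trim())" }
}
```

A connection failure at the first stage points at the IIS binding (step 3), while a FAILED line or a chain problem points at the CRL location or the CA certificates.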

Once that is done you should be able to see the Address Book:

Oliver Moazzezi

MVP - Exchange Server
