LCS 2005 Standard to OCS2007R2 Standard: Part 4 LCS Certificates

Ok, TLS is paramount in LCS to OCS communication. I’m not trying to teach you LCS, but if you were like me and once the thing talked 5060 on TCP, you dusted your hands and got on with something else, then you need to review your LCS certificate situation.

Firstly then, check and if needs be reconfigure the LCS certificate you have in use.
The document notes the format for the certificate, I struggled to grasp it initially. However, simply, it needs to be a Web certificate with Subject Name:<YourServerName> with Subject Alaternative Name 1 of the same as the subject and then 2 as and as many sip.<enableddomainnames> as you have enabled in your LCS install


The simplest way to do this is using the LCS  2005 resource kit executable LCSCertUtil.exe which will be in the location you allowed it to install, typically C:Program FilesMicrosoft LC 2005ResKit. It makes the whole process so simple. Remember you CA needs to have the format of ‘CAServerCAServer’

Now add this to the LCS server, drill down to the pool, go to properties, Security, Select Certificate and pick the cert you just created. Now go to the General tab and configure your Mutual TLS entry to use the same certificate (If needs be create one, typically this talks on port 5061). Click ok to confirm your changes.

Now, the last few blogs have concentrated on putting LCS into peak condition, so it’s ready to go to the next phase of installation.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at

Up ↑

%d bloggers like this: