You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 8
Next »
You can change the certificate installed on the
Unable to show "metadata-from": No such page "_space_variables"
system by obtaining the signed certificate from a Trusted CA or
from a local Stand-Alone Windows Certificate Authority, and importing it as outlined in the instructions on this page.
Importing a Server Certificate
If your node has a SHA-2 256 signed server certificate, the SBC will not interoperate with Lync 2010 or earlier OCS/Lync versions. The signature algorithm (
sha256WithRSAEncryption ) is shown in the Certificate panel of the
Unable to show "metadata-from": No such page "_space_variables"
SBC Certificate page in the UI.
SHA2-256 Certificate Compatibility
SHA2-256 CA Certificates may be used for the SBA, SBC, and Lync 2013 Servers. Lync 2010 requires that all devices employ ALL SHA1 Certificates. For more information see the Microsoft SHA1 Deprecation Policy.
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Security > SBC Certificates > SBC Edge Certificate.
Key Usage Field Descriptions
Enhanced Key Usage
This field displays the enhanced key usage regarding the purposes for which the subject's public key may be used.
TLS Web Server Authentication usage purpose is required in order to be compatible with some browsers.
Key Usage
Displays the key usage for defining the purposes of the key contained in the certificate.
Non-repudiation service purpose is disallowed in order to be compatible with some browsers.
To import an X.509 signed certificate:
Select X.509 Signed Certificate from the Import menu at the top of the page.
Import X.509 Signed Certificate
Chose the import mode (Copy and Paste or File Upload) from the Mode pull-down menu.
- If you chose File Upload:
- Use the Browse button to find the file
- Click OK.
- If you choose Copy and Paste:
- Open the file in a text editor.
- Paste the contents into the Paste Base64 Certificate text field.
- Click OK.
To import a PKCS12 Certificate and Key:
Importing PKCS12 Certificate Guidelines
- The PKCS12 certificate must not be a chain, but only as the SBC certificate pair.
- When importing a PKCS12 certificate, the Trusted CA certificates must be imported as a chain if there are both intermediate CA and root CA certificates.
Select PKCS12 Certificate and Key from the Import menu at the top of the page.
Import PKCS12 Certificate and Key
Enter the password used to export the certificate in the Password field.
Import PKCS12 Server Certificate
Browse for the PKCS certificate and key file.
- Click OK
Verifying the Signed Server Certificate
Once you have imported the Signed Server Certificate:
- In the Issuer panel, ensure the Common Name field has changed from Self-Signed to the issuer's Common Name.
- In the Certificate panel,
- Ensure that the Enhanced Key Usage field indicates TLS Web Server Authentication.
Ensure that the Verify Status field indicates OK.
If the Verify Status field does not indicate OK, repeat the steps aboveto obtain a valid certificate.
Verify Signed Server Certificate