Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007

Aaron Tiensivu's Blog

Certifications

3Com IP Telephony

Citrix CCA

CompTIA A+

MCITP: Enterprise Admin

MCITP: Enterprise Messaging Admin

MCITP: Server Admin

MCSE 2000/2003/2008: Messaging

MCTS: BDD 2007

MCTS: Forefront

MCTS: Hyper-V

MCTS: Live Communications Server 2005

MCTS: MDOP

MCTS: Office Communications Server 2007

MCTS: Win Mobile 5

Microsoft MVP

Categories



All categories

RSS

Last Google search to here

hyper v mmc
winsxs
zune software server 2008
HOw many cell towers in my area
windows live wave 3 beta

Monday, April 7. 2008

Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007

I am asked about OCS/UM certificates quite a bit lately and I am always forgetting off the top of my head who is providing the certificates. Choosing a provider is key for PIC (interaction with public IM networks) and ease of federation with other companies. One pain point you can avoid by going with a "big name" is that they are most likely already a trusted authority in your smartphones and computer systems.

If you want a list of providers that have been 'blessed' by Microsoft for UM certificates, read KB article 929395.

Update #1: Tom Pacyk left a great comment about this entry:

"What you don't see though is that there's only ONE of those that shows up by default in XP, Vista, Mobile 5, and Mobile 6 and that's Entrust. We've been recommending them to our clients for certs and it's worked out great.

As far as defaults...
GoDaddy and Comodo aren't in Vista.
Comodo and Digicert aren't in WM5.
Digicert is not in WM6.

Update #2: One of the things I love about this site is that I get almost immediate feedback when something I post is either popular, or incorrect. In this case, Digicert contacted me to let me know that due to an agreement between EnTrust and them, the information about DigiCert in Update #1 is not accurate. I don't want to spread false information out there so that is why Update #2 exists.
in Microsoft, OCS / LCS, Unified Comm at 14:24 | Comments (7)
1959 hits

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

What you don't see though is that there's only ONE of those that shows up by default in XP, Vista, Mobile 5, and Mobile 6 and that's Entrust. We've been recommending them to our clients for certs and it's worked out great.

As far as defaults...
GoDaddy and Comodo aren't in Vista.
Comodo and Digicert aren't in WM5.
Digicert is not in WM6.

So to avoid pains of dealing with certs, you're left with Entrust at $600/year.
#1 Tom Pacyk (Homepage) on 2008-04-07 17:47 (Reply)
I'd like to offer a small correction: DigiCert certificates really are trusted by default in WM5 and WM6. Our certificates are issued from the same Entrust root that Entrust uses (due to a partnership arrangement.)

Best wishes,

Paul Tiemann
Director of CA Operations
DigiCert, Inc.
#1.1 Paul Tiemann (Homepage) on 2008-04-10 12:42 (Reply)
Awesome - this is good timing. I just brought up Exchange 2007 and I was having difficulty with my standard cert with OCS 2007 using Network Solutions. Looks like I'm moving to Entrust.
#2 Ken Thomas on 2008-04-09 00:39 (Reply)
I completely agree. Entrust all the way! The cost may be more, but your ROI from purchasing an Entrust certificate is instant returned as you won't have to spend the extra costs on administration having to deal with ensuring certificates are properly installed on your mobile devices or whichever Windows Operating System you are using. Heck, I even consider buying an Entrust certificate saving money due to the savings from administrative efforts and time wasted dealing with other certificates. I've been pushing Entrust for quite a while and will continue to do so.
#3 Elan Shudnow (Homepage) on 2008-04-09 16:02 (Reply)
I don't have any evidence but personal experience, but my GoDaddy certs have worked fine on all of the listed platforms. I haven't had to import my certs onto any of the mentioned platforms to make the ssl work.
#4 Matthew Loraditch on 2008-04-10 22:12 (Reply)
My comment was based purely on looking at what root certs exist in each of those OS's. Obviously that doesn't account for a CA that's actually issuing their certs from someone else's Root CA (as the the case is for Digicert). So it sounds like Digicert is certainly a viable alternative if that's true. I'll check them out for sure now.

Matthew, you haven't had to deal with installing cert chains at all? My understanding of GoDaddy was that they issued their certs from some kind of intermediate CA and you had to deal with installing the intermediate CA certs at first. Do you remember which cert "package" you bought from them?

For what it's worth, thanks for the original blog post Aaron. The information on what certs work well and which don't is completely non-existent. It'd be nice to get a good consensus of this so any discussion at all is an improvement.
#5 Tom Pacyk (Homepage) on 2008-04-11 17:39 (Reply)
Update #3: I purchased a UCC certificate from Entrust last Thursday (April 10th). I received an email on Friday stating that it should take 3-5 days to complete the verification process. Okay, that's fine...I don't need to install this until late Tuesday as that's when I'm rolling out OWA from the Exchange 2007 server. I get a call on Monday morning at 6AM!!! from Entrust. The rep, after hearing my "you just woke me up voice" says, "Oh, I just noticed you're on the west coast I'm sorry." So that wasn't the best way to start off with a new customer. They told me that I couldn't be listed as the Technical Contact and Authorized Contact. Hmm, okay whatever. I gave them my bosses (CFO) contact. What do they do...try to reach him at 6AM!!! Anyways, after waiting another 3 days I finally received the cert today which is one week later. Also, if you need to get a hold of them for the verification process or for technical support over the phone you'll be stuck at leaving them a voice message and praying that they call the number you left. Their operator said they are drastically undermanned at the moment. Well at least I wasn't shipped over to India :-)
#6 Ken Thomas on 2008-04-18 02:14 (Reply)

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications
Standard emoticons like :-) and ;-) are converted to images.
 
 

Links

 My e-mail address

My wife's website

LinkedIn

Add to Technorati Favorites

Exchange:

Matt Wade's blog

Elan Shudnow's blog

Project Server:

Dave Gochberg's blog

Other:

XsX mouse cursors

XsX shadowed cursors

Search this blog

Calendar

Back October '08 Forward
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Archives

Creative Commons Restrictions

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

IM me on Live Messenger


Windows Live Alerts

Translate this page