I’ve blogged about DigiCert before, but over the last few days I’ve had yet another chance to use them and been seriously impressed!
I was setting up an OCS 2007 R2 lab and got to the section where I needed to set up Forefront TMG to proxy connections to the OCS Web Components on my Standard Edition front end.
I created the cert request using the certificate wizard in the OCS administrative tools as it is the easiest way I know to mark the private key as exportable.
Having done that, I submitted the request to DigiCert and, because it was a domain I have already validated, the certificate was issued within five minutes.
I installed the certificate on the Front End, exported it, and installed it on the Forefront TMG box.
Then for testing I accessed the relevant website externally. Things looked like they worked, but on one device I got a trust error. It was late, and I didn’t have time to investigate, so I left it.
The next day I received an email from DigiCert as below:
We just ran an installation check on the DigiCert SSL certificate that you installed on proxy.domain.co.uk and it appears that the server needs to be configured for maximum compatibility. You will need to install the Intermediate certificates to the server in order to ensure compatibility with legacy browsers and mobile devices.
On Windows platforms, the easiest way to do this is to use our certificate utility. Just visit http://www.digicert.com/util and download the Certificate Management Tool. After running it on the server, click the Repair button. Some servers require restarting the services or restarting the whole server after making this change.
You can verify that the problem is fixed at http://www.digicert.com/help/index.htm?host=proxy.domain.co.uk
If you have any problems correcting this issue, please contact our helpful support team and we will be happy to help.
Now I knew about the utility and have blogged about it before, but to be told this is the problem proactively was brilliant!
I ran the utility, it installed the intermediate CAs properly, and all is well!
Note: As an Exchange MVP, DigiCert has provided me certificates to use in test labs, without which I may not have had the opportunity to try their service.
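The trust error that DigiCert's email describes, reproduced as an added example (not part of the original post and not DigiCert's tooling): a client that trusts only the root can validate a server certificate only when the server also sends the intermediate. The script assumes `openssl` is installed; the three-certificate hierarchy and every name in it are constructed for the demonstration.

```shell
#!/usr/bin/env bash
set -eu

# Build a throwaway root -> intermediate -> leaf hierarchy in directory $1.
# All subject names are constructed; nothing here touches a real CA.
make_pki() {
  p=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$p/ca.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$n.example.test" \
      -keyout "$p/$n.key" -out "$p/$n.csr" 2>/dev/null
  done
  # Self-signed root, then the intermediate signed by the root (both marked as CAs).
  openssl x509 -req -in "$p/root.csr" -signkey "$p/root.key" -days 2 \
    -extfile "$p/ca.ext" -out "$p/root.pem" 2>/dev/null
  openssl x509 -req -in "$p/int.csr" -CA "$p/root.pem" -CAkey "$p/root.key" \
    -set_serial 2 -days 2 -extfile "$p/ca.ext" -out "$p/int.pem" 2>/dev/null
  # Server (leaf) certificate signed by the intermediate, not by the root.
  openssl x509 -req -in "$p/leaf.csr" -CA "$p/int.pem" -CAkey "$p/int.key" \
    -set_serial 3 -days 2 -out "$p/leaf.pem" 2>/dev/null
}

# Model a client whose trust store holds only the root.
# $1 = PKI directory, optional $2 = intermediate file the server sent with the leaf.
# Returns 0 if the client can build a chain to the root, non-zero otherwise.
client_accepts() {
  d=$1
  if [ $# -ge 2 ]; then
    openssl verify -CAfile "$d/root.pem" -untrusted "$2" "$d/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$d/root.pem" "$d/leaf.pem" >/dev/null 2>&1
  fi
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_pki "$WORK"

if client_accepts "$WORK"; then r=trusted; else r="trust error"; fi
echo "server sends leaf only:           $r"
if client_accepts "$WORK" "$WORK/int.pem"; then r=trusted; else r="trust error"; fi
echo "server sends leaf + intermediate: $r"
```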