IT tutorials
 
Applications Server
 

Microsoft Lync Server 2010 : Dependent Services - Public Key Infrastructure (part 3) - Understanding the Lync Server Certificate

12/11/2012 6:00:21 PM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Understanding the Lync Server Certificate

Viewing the certificate issued for Lync Server will help one understand what certificates are and how they get used. The easiest way to look at locally installed certificates is with the Certificates MMC.

1.
From the Run line, type MMC. Press Enter.

2.
From the File menu, choose Add/Remove Snap-In.

3.
From the available snap-ins, add Certificates.

4.
When prompted, select Computer Account, and then click Finish.

5.
Choose Local Computer. Click Finish.

6.
Click OK.

7.
Expand Certificates (Local Computer).

8.
Expand Personal.

9.
Click Certificates.

10.
Double-click the certificate to be viewed.

This view shows some basic information about the certificate. At the top, the certificate explains its intended purposes. Certificates are often used to ensure the identity of a remote system and the Lync Server certificate is no different. The certificate shows who it was issued to and who it was issued by. This is how other systems can trust a system using this certificate. They can check to see whether the name they asked for is listed in the certificate and whether the certificate was issued by a hierarchy that they trust.

The certificate also lists its validity period. This is important to realize as the certificate eventually expires. When it does, no other systems trust the certificate. Figure 10 shows that the system holds the private key that corresponds to this certificate. This gives one the potential to export the certificate and the associated public and private keys so that the same certificate can be used on other systems. This is common in situations where the certificate is used on load-balanced systems.

Figure 10. Viewing a Certificate


Note

By listing the load-balanced name in the certificate, clients connecting to any member of the load-balanced group trust the certificate, connect properly, and establish an encrypted session.


The Details tab on the certificate offers much more information, as follows:

  • Version— This is the type of template used to generate the certificate. Higher version numbers offer more customization of the template.

  • Serial number— This is a unique value used to identify a certificate.

  • Signature algorithm— This is the algorithm used to sign the certificate.

  • Signature hash algorithm— This is the algorithm used to create the signature hash.

  • Issuer— This is the canonical name of the CA that issued the certificate.

  • Valid from, Valid to— These values establish the lifespan of the certificate.

  • Subject— This is a canonical representation of the name of the certificate, including location information. It is important that the full name be unique if you are replacing another certificate that is still valid.

    Caution

    Most providers revoke an existing certificate if a new one is generated with the same subject name. This can cause an outage if you do not plan for it. Typically, a certificate provider allows you to register multiple OU values for naming constraints to avoid a perfect match to the subject name.


  • Public Key— This is the value remote systems use to encrypt data destined for the holder of the private key.

  • Certificate Template Name— This is the name of the template the CA uses to issue the certificate.

  • Enhanced Key Usage— This maps to a standard set of OIDs that define what a key can be used for. In the case of the Lync Server certificate, the value is 1.3.6.1.5.5.7.3.1, which means server authentication.

  • Subject Key Identifier— Path validation software uses this value by helping to identify certificates that contain a particular public key.

  • Subject Alternative Name— This is the field that lists the names to which the certificate can correctly match.

  • Authority Key Identifier— Path validation software uses this value to help identify the next certificate up in a certificate chain.

  • CRL Distribution Points— This field tells a system where to check for Certificate Revocation Lists (CRLs).

    Caution

    At least one of these paths needs to be reachable by a system that needs to trust the certificate. If a CRL can’t be found, the client is not able to verify that a certificate hasn’t been revoked and won’t trust it.


  • Authority Information Access— This value provides the network location for the issuing CA’s certificate.

  • Key Usage— This field defines what the keys can be used for.

  • Thumbprint algorithm— The algorithm used to generate the thumbprint of the certificate.

  • Thumbprint— A unique value identifying the certificate. Most applications that use certificates identify them by the thumbprint.

  • Friendly name— This is a name given to the certificate by the requestor to more easily identify a certificate. Administrators quickly realize that it’s much easier to spot a certificate by its friendly name than it is to use its thumbprint.

The last tab on the certificate is the Certification Path as shown in Figure 11. This is the quick-and-easy way to ensure a certificate is valid. Not only is there a simple statement of the certificate’s status, but if that status is invalid, you can quickly look at the chain to see where the problem is. You can even look at upstream certificates from the chain and view the same level of details on those. This makes it easier to troubleshoot issues such as expired intermediate CAs or inaccessible CRLs.

Figure 11. Viewing the Trust Chain

 
Others
 
- Microsoft Lync Server 2010 : Dependent Services - Public Key Infrastructure (part 2) - Certificate Types for Lync Server
- Microsoft Lync Server 2010 : Dependent Services - Public Key Infrastructure (part 1) - Installing Certificate Services
- Microsoft Lync Server 2010 : Dependent Services - Domain Name System, Network Dependencies
- Microsoft Lync Server 2010 : Dependent Services - Active Directory
- SharePoint 2010 : Customizing the Search Results and Search Center - Improving the User Experience (part 2)
- SharePoint 2010 : Customizing the Search Results and Search Center - Improving the User Experience (part 1) - Contextual Promotions
- Exchange Server 2010 : Standards and Protocols - Other Key Technologies Used by Exchange
- Microsoft Dynamics CRM 2011 : Viewing Campaign Results
- Microsoft Dynamics CRM 2011 : Converting a Campaign Response
- SharePoint 2010 : Customizing the Search Results and Search Center - Introducing SharePoint Search
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us