To support
TLS encryption between
IM and Presence Service and OCS, each OCS server must
have a signed security certificate. This signed certificate, along with the
root certificate of the Certificate Authority (CA) that signed the certificate,
must be installed on each OCS server.
Cisco
recommends that OCS and
IM and Presence Service nodes share the same CA. If
not, the root certificate of the CA that signed the
IM and Presence Service certificates must also be
installed on each OCS server.
Generally,
the root certificate of the OCS CA is already installed on each OCS server.
Therefore, if OCS and
IM and Presence Service share the same CA, there may
be no need to install a root certificate. However, if a root certificate is
required, see the following details.
If you are
using Microsoft Certificate Authority, refer to the following procedures in the
Interdomain Federation for
IM and Presence
Service on Cisco Unified Communications Manager for
information about installing the root certificate from the Microsoft
Certificate Authority onto OCS:
- Downloading the CA
Certification Chain
- Installing the CA
Certification Chain
If you are
using an alternative CA, the following procedure is a generic procedure for
installing root certificates onto OCS servers. The procedure for downloading
the root certificate from the CA differs depending on your chosen CA.