GoDaddy won’t issue a UCC cert for a Lync pool with a private domain name

by | Dec 20, 2011 | OCS / Lync / Teams | 4 comments

A customer had a Lync 2010 environment with a pool name that used a private domain name and not an FQDN.  When we attempted to request a UCC certificate from GoDaddy.com from the CSR generated from the Lync Deplyment Wizard we recieved the error:

You must use a fully-qualified primary domain name for UCC Certificate Request.

We called GoDaddy and according to them there was no way around this.  So after attempting to generate a customized CSR with the Request-CsCertificate command without any success, we found how to manually generate a customized CSR using the certreq command.

First create an INF file called cert.inf with the following content:

[NewRequest]
Subject = “CN=name.company.com
Exportable = TRUE
KeyLength = 2048
MachineKeySet = True
FriendlyName=”Your Cert Friendly Name
KeySpec=1
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
[RequestAttributes]
CertificateTemplate=WebServer
SAN=”dns=meet.company.com&dns=dialin.company.com&dns=lync.company.local

Then use the command

certreq –new cert.inf cert.req

If you get an error about not having a template just ignore it.  Then open the cert.req file that was created in notepad and copy the CSR and paste it into GoDaddy.  I had to manually add my alternate names on the GoDaddy page, but it went through and I was then able to successfully import the cert into Lync.  The common name was the FQDN and one of the alternate names is the private pool name in Lync.

 

 

Read More Related Posts:

  1. Lync Enterprise Voice with Cisco or Adtran routers Lync Called Number Translation...
  2. Installing a Unified Communications SSL Certificate for Exchange 2007 Secure communications in an Exchange enterprise messaging environment is critical. ...
  3. CME and Lync RCC Integration This guide will go through the steps to setup Lync...
  4. Distribution Groups, Exchange 2007, and SharePoint 2007 To Distro or not to distro… Our customer needed distribution...

4 Comments

  1. Jason Nelson
    Jason Nelson on January 17, 2012 at 5:10 am

    For what it’s worth, you need to remove the fancy quotes from your code sample above. They were kicking causing certreq to kick an error regarding non x500 compliant characters. Thank you though for the quick how to.

    Jason Nelson
    Allixo Technologies

    • admin
      admin on February 22, 2012 at 1:48 pm

      Thanks for pointing that out! Now if I were a WordPress pro, I could figure out how to turn off that formatting “feature” since the code shows they are normal quotes.

  2. John
    John on February 27, 2013 at 2:33 pm

    I followed your instructions and GoDaddy issued the cert. Upon assigning the cert, though, Lync is now complaining that the “subject name “domain.com” does not match the computer FQDN.

  3. Marshall
    Marshall on March 11, 2013 at 12:12 pm

    That worked great!

    Sidenote: I agree with the first one. If you guys copy and paste this into notepad… make sure you go through and delete all the ” and type them again. It sounds silly but It doesn’t paste in the appropriate ” type.