Friday, September 08, 2006

Using LCS 2005 with multiple domains

Over at the new UCG blog there's a post on how to support multiple domains in LCS.

It will tell you how to use autoconfiguration of Office Communicator (Using DNS not Group Policies) in a multi-domain environment and it shows you how to enable Enhanced Federation for your primary domain, while allowing for Direct Federation for "secondary" domains in your company using Subject Alternate Names in your certificates.

Read more at Configuring LCS 2005 w/ SP1 for Multiple Domains.

I'm currently investigating where/if we can buy commercial certificates for the Access Proxies that support Subject Alternate Names and whose Root CA's are part of the standard Windows Server 2003 list of Trusted Root CA's. I chatted with a customer representative at Verisign and the answer was a firm no, but after some discussion she told me that they would get back with further info. The last time I looked I couldn't find anyone, but I've been told that some Microsoft customers have been able to do so - I will be back with further info.

3 comments:

Fuzzy said...

Did you find a vendor for those certificates?

Dennis Lundtoft Thomsen said...

Sorry for the late answer - I have been on vacation ;-) I did find that VeriSign has a MPKI (Managed PKI) SSL offering, that includes the ability to issue certificates with multiple domain names. Its part of their Enterprise offering though, so you will need to contact their sales for help on getting an enterprise account.

Andrew Codrington said...

Thanks for the mention in your other post Dennis.

If you need just a couple domains our Advantage Certificates may serve well, for more complex deployments our new Unified Communications Certificates are big bruisers that can handle up to 10 domains. http://www.entrust.net/

Let me know if you've got questions!

Cheers,
Andrew
http://trustme.goingon.com