In this entry I review the configuration steps for validating that Mutual Transport Layer Security (MTLS) is enabled for traffic between an LCS 2005 SP1 Standard Edition Server and any Office Communicator 2005 Clients interacting with this Server within the Corporate Enterprise. I include installation of a Windows 2003 R2 Enterprise Certification Authority to issue the Enhanced Key Usage (EKU) Server Authentication Certificate Template to the LCS2k5 SP1 Server. Then, I configure the LCS2k5 SP1 Server to offer this Certificate to Office Communicator 2005 Clients when connecting. Additionally, I show how to manually configure the Office Communicator 2005 clients to use MTLS over TCP instead of just TCP.

Code: http://itprosecure.com/blogs/live_communication_server_2005_sp1_certificate_configuration/archive/2007/03/10/configuration-steps-for-mtls-communication-between-enterprise-lcs-2005-sp1-server-and-office-communicator-2005-clients.aspx

There are several practices offered here that should be used only in a 'testing scenario'. Those practices include:
- Installation of an Enterprise Root Certification Authority (ER-CR) on an Active Directory Domain Controller
- Installation of a Single Certification Authority (CA)
- Not Reviewing Backup and Restore Procedures for Key Management Components of the Certification Authority
- Not Reviewing use of the Security Configuration Wizard (SCW) along with Group Policy Objects to further reduce Public Key Infrastructure (PKI) attack vectors

Here is the Network Environment detail (the specific Installation Steps are here):
- LCS2k5 SP1 Standard Edition
- MSDE Database
- No Federation
- No Archiving
- No Access Proxy
- Single Forest
- Single Domain
- Enterprise Client IM 'Text Only'
- TCP Transport - Client to Server and Server to Client (I change this to MTLS over TCP)
- Client Configuration - Manually Configured
- No IPSec - Client to Server