Tuesday, April 3, 2012

Certificate Wizard’s “Process Pending Certificates” is grayed out when processing a certificate for a Microsoft Lync Server 2010 Edge Server

It’s been around 6 months since I’ve done a Lync deployment and maybe I’m just getting old but I totally forgot why the Process Pending Certificates option was grayed out in the Certificate Wizard when I was trying to process a request I issued from the Lync Edge server with the response I received from GoDaddy.  Just in case I ever forget again in the future, I thought it would be good to write this post so I can have something to reference to in the future.

Problem

You need a certificate for your Microsoft Lync Server 2010 Edge server and have proceeded to generate the request from the Certificate Wizard:

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

Everything proceeds as you expect but after you receive your response from the public Certificate Authority, you notice that the Process Pending Certificates option in the Certificate Wizard is grayed out:

image

Solution

Those who are familiar with Microsoft OCS 2007 would remember that you would always get the option to process a certificate if you issued an offline request but in the case of Microsoft Lync Server 2010, what you need to do after you generate an offline request is to use the Certificates MMC snap-in to process the request.

Proceed with clicking on Start –> Run and type in mmc:

image

Add the Certificates snap-in for the Local Computer and then navigate to Certificates –> Personal –> Certificates:

image

Right click on the Certificates node and select All Tasks –> Import…:

image

Proceed through the wizard and import the response file from the issuing certificate authority:

image

image

image

image

image

… and that’s it.  I really wished it was a bit more intuitive but I assume there’s a reason why Microsoft designed it this way.  Note that you can only import the response once so if you find that you imported the response to the wrong store, you can’t simply re-import the response.

It’s also worth while to double click in the certificate to ensure that you don’t see the following message:

Windows does not have enough information to verify this certificate.

image

If you notice that this is displayed, import the issuing authority’s trust chain into your Trusted Root Certification Authority:

image

image

image

2 comments:

Róman said...

The only thing you have to do after requesting a certificate is to press the REFRESH button to get the process button to be active ;)

Róman said...

..that is when you're doing an ONLINE request. In your example you're doing an offline request. In that case the processing should be offline/manual as you described.

If you do an online request, Lync can handle the whole process from beginning to end. Including the import of certificates.

roman