We are currently building additional OCS 2007 R2 Access Edge Servers to handle additional capacity. We ran into an SSL certificate issue when we were setting up the servers.
Before running the steps to Deploy an Edge Server, we successfully imported our SSL certificate that we use for external access on all of the new servers. After successfully completing the first three Deploy Edge Server steps on one of the new servers, we started working on Step 4: Configure Certificates for the Edge Server. After selecting "Assign an existing certificate" from the common tasks list and clicking Next to select a certificate, there were no certificates listed as shown below.
The first thing we did was to use the Certificates MMC snap-in to review the SSL certificate information. For the SSL certificate that we had imported successfully earlier, we noticed in the General tab that "Windows does not have enough information to verify this certificate" and in the Certification Path that "the issuer of this certificate could not be found".
While troubleshooting, we learned that we could not access the URL for the certificate’s CRL to download the CRL file due to restrictive firewall rules between the new OCS 2007 R2 Access Edge Servers and the Internet.
After modifying the firewall rules, we were able to download the CRL file, and when we reran Step 4 to assign an existing certificate, the certificate was listed.
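
A way to check for this condition from the Edge Server itself before running the certificate wizard, as an added example that is not part of the original post: the script builds the chain for every certificate in the local computer's Personal store with online revocation checking and then probes each CRL distribution point URL. It assumes the certificate was imported into that store and that the CRL is published over HTTP(S); the URL regex relies on the English-language formatting of the extension.

```powershell
# Added example: chain and CRL reachability check for certificates in LocalMachine\My.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    foreach ($cert in $store.Certificates) {
        Write-Output "Subject: $($cert.Subject)"

        # Build the chain with online revocation checking.
        # PartialChain: an issuer certificate is missing.
        # RevocationStatusUnknown / OfflineRevocation: the CRL could not be retrieved.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EntireChain'
        $ok = $chain.Build($cert)
        Write-Output "  Chain valid: $ok"
        foreach ($s in $chain.ChainStatus) {
            Write-Output "  $($s.Status): $($s.StatusInformation.Trim())"
        }

        # CRL Distribution Points extension (OID 2.5.29.31).
        $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
        if (-not $cdp) {
            Write-Output '  No CRL distribution point in certificate'
            continue
        }
        $urls = [regex]::Matches($cdp.Format($true), 'URL=(https?://\S+)') |
            ForEach-Object { $_.Groups[1].Value }

        # Probe each CRL URL; a firewall block shows up here as a timeout or connect failure.
        foreach ($url in $urls) {
            try {
                $req = [System.Net.WebRequest]::Create($url)
                $req.Timeout = 10000   # milliseconds
                $resp = $req.GetResponse()
                Write-Output "  CRL reachable: $url ($($resp.ContentLength) bytes)"
                $resp.Close()
            } catch {
                Write-Output "  CRL NOT reachable: $url ($($_.Exception.Message))"
            }
        }
    }
} finally {
    $store.Close()
}
```

Exporting the certificate to a .cer file and running `certutil -verify -urlfetch` against it performs the same retrieval with Windows' own chain engine, which matters when proxy settings differ between the logged-on user and the system.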