Self Signed Certificates Issued to Polycom Lync Phone Devices – causes additional certificate authentication pop-ups for other certificate dependent services
December 2, 2011
Woohoo – this is fixed, go here for the hotfix: http://support.microsoft.com/kb/2710995
Posted this here: http://social.technet.microsoft.com/Forums/en-US/ocsclients/thread/340c2fe9-a9bb-449b-8498-0f9c5699d566 a while back. Anyone else having the same problem? Off the back of another support call I spoke with an escalation engineer and he agreed that it was a significant issue, but couldn't confirm when it would be resolved. Do let me know if you’ve found a way for these Polycom devices and 802.1X EAP authentication to work without irritating pop-ups.
I’ve just configured a pilot Lync 2010 pool with the eventual intention of deploying Lync handsets across the organisation.
Everything seems to work great, delighted with the Polycom hardware (CX600).
However, when I sign into Lync and my device retrieves a certificate (that seems to be deposited in my personal cert store as well), this certificate causes problems with:
- EAP authentication to the VPN
What happens is that when I connect to wireless I now have to choose between my Lync cert and the company cert. The Lync cert is not trusted as it is not issued by a trusted authority (clearly). This isn't a big deal to me, but extra prompts are a major deployment blocker for my users!
Is there no way to get Lync to use certificates issued from our enterprise CA as opposed to its own? Then we’d have a single personal certificate for all these services.
Using DHCPUtil.exe I have pointed my device at my ent CA, but it still gathers a self-signed cert from the Lync server.
I don't believe I’m the only person to run into this issue: http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/8358d4b1-9d55-40bf-bb7e-c09e0cb90327/.
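To see which personal-store certificates are competing in the selection prompt described above, the following PowerShell lists each certificate's issuer and whether it chains to a trusted root. It is an added example, not part of the original post or the hotfix, and it assumes the EAP client only offers certificates that have a private key and either the Client Authentication EKU or no EKU extension at all.

```powershell
# Added example: enumerate the current user's Personal store and show which
# certificates are candidates for certificate-based client authentication,
# and whether each one chains to a trusted root on this machine.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs, if the certificate carries an EKU extension.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    } | Select-Object -First 1
    $ekus = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Assumption: a certificate without an EKU extension is valid for all purposes.
    $candidate = $cert.HasPrivateKey -and ((-not $ekuExt) -or ($ekus -contains $clientAuthOid))

    # Build the chain locally; revocation checking is skipped so the result
    # reflects trust in the issuer only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        Candidate   = $candidate      # could appear in the selection prompt
        Trusted     = $trusted        # chains to a trusted root
        ChainStatus = $status         # e.g. UntrustedRoot for a self-signed cert
        Thumbprint  = $cert.Thumbprint
    }
} | Sort-Object Trusted, Subject | Format-Table -AutoSize -Wrap
```

A row with `Candidate` true and `Trusted` false is the kind of certificate that produces the extra prompt; running this before and after applying the hotfix shows whether it is still being deposited in the store.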