When trying to log in from an iPad or iPhone you may run across the error message: “Can’t verify the certificate from the server. Please contact your support team.” Something I’ve noticed through experience working with anything from the Unified Communications suite from Microsoft is that certificates always play a central role. A lot of people tend to struggle setting their certificate infrastructure up just right, whether it is internal certificates used on external interfaces or firewalls exposing certificates that do not cover the domain name being provided.
Below are a couple of potential reasons why this error message shows up:
- Your CA certificate is not trusted. This is a very common scenario, as many people use an enterprise CA or a self-signed certificate that is not recognized by the iPad. If you’re using a Microsoft CA then you can go to https://CAServer/Certsrv and install the CA’s certificate on your iPad, which should address this. As with any device, CA trust is key. As you can expect, Microsoft strongly recommends using a publicly trusted CA instead of a private one. I would recommend that as well; there are some resellers of cheap certificates, like Comodo, that you can find (buying directly from them is not the cheapest I’ve found).
- The issue I had been struggling with was that I wasn’t using an edge server and I was just forwarding port 5061. The certificate used for that communication probably caused the issue, and until I deploy an edge server I won’t know for sure. In this scenario the certificate published on port 5061 was the one used for internal communications, but the public name was also displayed in the list of alternative names. The Communicator client for Mac or PC was working fine. The best practice, though, is to achieve communication with remote clients through the use of the Lync 2010 Edge server, and I would recommend that. Once I’ve completed the setup on my environment I’ll update the post.
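
To tell the two causes above apart from a workstation, the following added example (not code from the original post) classifies a TLS verification failure on port 5061 and checks whether a certificate's alternative names cover the public name. The host names and `SAMPLE_CERT` are constructed, and `probe` validates against the trust store of the machine running it, which is an assumption and will differ from the iPad's.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* codes, exposed as SSLCertVerificationError.verify_code
UNTRUSTED_CA = {18, 19, 20, 21}  # self-signed leaf or chain, issuer not in local store
HOSTNAME_MISMATCH = 62
EXPIRED = 10

def classify(verify_code):
    """Map a verification failure onto the causes listed above."""
    if verify_code in UNTRUSTED_CA:
        return "untrusted-ca"
    if verify_code == HOSTNAME_MISMATCH:
        return "name-mismatch"
    if verify_code == EXPIRED:
        return "expired"
    return "other"

def san_covers(hostname, cert):
    """True if a DNS subjectAltName in a getpeercert() dict covers hostname."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower().rstrip(".")
        if name == host:
            return True
        # A wildcard is honoured only as the whole left-most label.
        if name.startswith("*.") and name[2:] and host.partition(".")[2] == name[2:]:
            return True
    return False

def probe(host, port=5061, timeout=5.0):
    """Handshake using this machine's trust store and report the outcome."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)

# Constructed sample: an internal certificate that also lists a public name.
SAMPLE_CERT = {"subjectAltName": (("DNS", "lyncfe01.corp.example"),
                                  ("DNS", "sip.example.com"),
                                  ("DNS", "*.apps.example.com"))}
```

Calling `probe("sip.example.com")` with your own public name returns `untrusted-ca` when the issuing CA is missing from the local store and `name-mismatch` when the published certificate does not list the name the client connects to.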