Response group certificate error

Got a certificate error when i tried starting the response group service today.

The provided certificate is not valid.

There was a problem validating certificate: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘<poolname fqdn>’ but the remote endpoint provided DNS claim ‘<fqdn in a sip domain>’. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity ‘<fqdn in a sip domain>’ as the Identity property of EndpointAddress when creating channel proxy.

Turns out that the last SAN in the certificate needs to be the same as the CN in the certificate, which should be your pool FQDN. The service will fail if it isnt.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s