1. března 2012 6:59
We've just grown from a single SIP domain to having another 5, subsequently we're now going through the process of updating our external certificates as well as soon adding mobility to the mix. I want to make sure I have all the domain names covered on new certificates so we don't have to purchase more due to an oversight.
- Can there be a single lyncdiscovery external record for multiple SIP domains or must there be a different one for each SIP domain and thus separate SANs in the certificate?
- Anyone see any issues with the below setup?
Main SIP Domain: old.com
Additional SIP Domains: new.com, au.new.com, cn.new.com, hk.new.com and uk.new.com.
The simple URLs and external web services are going to be: dialin.new.com, meet.new.com/XX/meet (Replace XX with country codes from additional SIP domains) and sipproxy.new.com.
The edge domains are going to be: sip.new.com, conf.new.com, av.new.com
Based on the above I believe I need the following certificates:
Reverse Proxy Certificate
- Common Name: sipproxy.new.com
- Alternative Name: meet.new.com
- Alternative Name: dialin.new.com
- Alternative Name: lyncdiscover.new.com
- Alternative Name: lyncdiscover.au.new.com
- Alternative Name: lyncdicsover.cn.new.com
- Alternative Name: lyncdiscover.hk.new.com
- Alternative Name: lyncdiscover.uk.new.com
Edge Server Certificate
- Common Name: sip.new.com
- Alternative Name: conf.new.com
- Alternative Name: av.new.com
1. března 2012 7:22
As i can see you have got all the names covered, except for the old.com domain. is this getting removed ? or r u reusing the old certificate seperatley ?
As for the lyncdiscover, a seperate host a record should exist externall for each seperate domain you have. as per below
- Označen jako odpověď _MarkH_ 1. března 2012 8:47
1. března 2012 8:47
Thanks for that. I forgot to mention we will be keeping some of the old.com FQDNs such as meet.old.com, but as for others such as dialin we don't use so no need to keep it.
It's unfortunate that the mobile clients can't be cnamed to a different domain (i.e. have lyncdiscover.au.new.com and lyncdiscover.cn.new.com both cname to lyncdiscover.new.com) and only use the certificate for the ultimate destination.
Thanks again Hany.