Certificates - Have I got all the domains covered?

• 1. března 2012 6:59

   

   
  

  0

  Hi everyone,

  We've just grown from a single SIP domain to having another 5, subsequently we're now going through the process of updating our external certificates as well as soon adding mobility to the mix. I want to make sure I have all the domain names covered on new certificates so we don't have to purchase more due to an oversight.

  1. Can there be a single lyncdiscovery external record for multiple SIP domains or must there be a different one for each SIP domain and thus separate SANs in the certificate?
  2. Anyone see any issues with the below setup?

  Main SIP Domain: old.com

  Additional SIP Domains: new.com, au.new.com, cn.new.com, hk.new.com and uk.new.com.

  The simple URLs and external web services are going to be: dialin.new.com, meet.new.com/XX/meet (Replace XX with country codes from additional SIP domains) and sipproxy.new.com.

  The edge domains are going to be: sip.new.com, conf.new.com, av.new.com

  Based on the above I believe I need the following certificates:

  Reverse Proxy Certificate

  • Common Name: sipproxy.new.com
  • Alternative Name: meet.new.com
  • Alternative Name: dialin.new.com
  • Alternative Name: lyncdiscover.new.com
  • Alternative Name: lyncdiscover.au.new.com
  • Alternative Name: lyncdicsover.cn.new.com
  • Alternative Name: lyncdiscover.hk.new.com
  • Alternative Name: lyncdiscover.uk.new.com

  Edge Server Certificate

  • Common Name: sip.new.com
  • Alternative Name: conf.new.com
  • Alternative Name: av.new.com

  Thanks everyone.

  • Reagovat
  • Citovat