Edge Server Internal interface certificates

  • Wednesday, May 04, 2011 9:05 AM
     
     

    Hi,

    I am a bit confused about the Edge Server internal interface certificate. The scenario is:

    Internal domain = mocs.local

    SIP domain    = lync.prov.com

    Similarly, dialin = dialn.prov.com, etc.

    My question is: when I generate a certificate request for the internal certificate, do I have to add SAN names for my SIP domains as well, i.e. sip.lync.prov.com etc.? Currently, the certificate only has a subject name of my Edge server FQDN, which is lyncedge.mocs.local.

    Thanks in advance


All Replies

  • Thursday, May 05, 2011 9:49 AM
    Moderator
     
     Answered

    Hi,

    Your current certificate will work for internal users; the certificate for the internal interface just requires the SN to match the Edge server's FQDN.

    For more information, please refer to:

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=79

    Regards,

    Sharon


  • Friday, May 06, 2011 8:13 AM
     
     

    Thanks Sharon

  • Wednesday, February 22, 2012 7:26 PM
     
     

    Sharon,

    I have an enterprise Lync deployment, using an edge pool. For the edge server cert wizard:

    When I run the certificate wizard on the internal cert, it just puts a subject name (edge pool fqdn) "edgepool.domain.com" and the Subject Alternative Name field is blank.

    Do I need to manually add the FQDN of the edge pool server member as well on the next screen (and therefore need a SAN cert), or can I get by with a simple certificate if I do not need to add the member?

    I need to use a public CA since an internal CA is not an option for me.

    Josh


    • Edited by iconoclast88 Wednesday, February 22, 2012 7:27 PM
  • Wednesday, February 22, 2012 9:02 PM
     
     Proposed
    • Proposed As Answer by iconoclast88 Wednesday, February 22, 2012 9:02 PM
  • Wednesday, February 22, 2012 10:48 PM
    Moderator
     
     Proposed
    In a single-Edge server deployment (not an array or pool), the internal Edge certificate should not be a SAN certificate and only uses the Edge Server FQDN as the certificate's Common Name.

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    • Proposed As Answer by Josh Fernando Wednesday, February 22, 2012 11:55 PM
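
A check for the requirement stated in the answers above, as an added example that is not part of the thread: it builds constructed, in-memory certificates and reports whether the subject CN matches the Edge internal FQDN and whether any SAN DNS names are present. The helper names `New-SampleCert` and `Test-EdgeInternalCert` are hypothetical, and English-language Windows with .NET Framework 4.7.2+ (or PowerShell 7) is assumed.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: constructed, self-signed sample certificate held in memory only.
function New-SampleCert([string]$Cn, [string[]]$SanDns) {
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new("CN=$Cn", $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    if ($SanDns) {
        $builder = [SubjectAlternativeNameBuilder]::new()
        $SanDns | ForEach-Object { $builder.AddDnsName($_) }
        $req.CertificateExtensions.Add($builder.Build())
    }
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

# Hypothetical helper: compares the subject CN with the Edge internal FQDN and lists SAN DNS names.
function Test-EdgeInternalCert([X509Certificate2]$Cert, [string]$EdgeFqdn) {
    $cn  = $Cert.GetNameInfo([X509NameType]::SimpleName, $false)
    $san = @()
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName
    if ($ext) {
        # Assumption: English-language Windows prints one "DNS Name=<host>" entry per line.
        $san = @($ext.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+?)\s*$') { $Matches[1] }
        })
    }
    [pscustomobject]@{
        CommonName  = $cn
        SanDnsNames = $san
        CnMatches   = ($cn -ieq $EdgeFqdn)   # subject name must equal the Edge server FQDN
        HasSan      = ($san.Count -gt 0)     # the thread's single-Edge case expects no SAN entries
    }
}

$fqdn = 'lyncedge.mocs.local'   # Edge FQDN from the question above

# Subject name only, as the certificate wizard produced it in the thread.
Test-EdgeInternalCert (New-SampleCert $fqdn) $fqdn

# Same subject with a SIP-domain SAN added: the CN still matches, SAN entries are reported.
Test-EdgeInternalCert (New-SampleCert $fqdn @('sip.lync.prov.com')) $fqdn

# Subject set to a SIP-domain name instead of the Edge FQDN: CnMatches is False.
Test-EdgeInternalCert (New-SampleCert 'sip.lync.prov.com') $fqdn
```

To inspect a real certificate instead of the constructed samples, pass an `X509Certificate2` object read from the certificate store as the first argument.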
  • Thursday, February 23, 2012 2:48 AM
     
     
    Thanks for the input Jeff.