certificates inquiry

    Question

  • Greetings! May I ask for guidance about certificates, especially now that I can't continue installing Lync because I'm stuck with the certificate issue. I'm a newbie to this.

    present set-up:

    server1
       dc, win2008r2, serv1.local
       192.168.0.200 - ip
       255.255.255.0 - sm
       192.168.0.1 - gateway (router)
       192.168.0.200 - dns
    server2
       exchange2010, mail.local
       192.168.0.201 - ip
       255.255.255.0 - sm
       192.168.0.1 - gateway (router)
       192.168.0.200 - dns
    server3
       lync2010, lync.local
       192.168.0.203 - ip
       255.255.255.0 - sm
       192.168.0.1 - gateway (router)
       192.168.0.200 - dns


    questions:

    1.  Can I use a free CA for my set-up? If yes, where can I create it and how can I install the CA?
    2.  Do I need to install a CA for every server?
    3.  In the future, if I buy a CA, where can I get one? How many, etc.?

    thanks


    Tuesday, February 14, 2012 4:55 AM

Answers

  • Hi,

    1. You can use an internal CA certificate on the Lync FE, but the edge and reverse proxy require a public certificate. You can install the CA on a Windows 2008 box, but it is not recommended on a DC. http://d3planet.com/rtfb/2009/11/10/install-certificate-services-on-windows-server-2008-r2/

    2. No, one CA can issue multiple certificates for different applications like Lync, Exchange, etc.

    3. You can request certificates from a public CA like GoDaddy, Entrust, etc. You need to create a certificate request, and the public CA will issue a certificate based on the request for a definite period.

    Thanks

    Tuesday, February 14, 2012 5:14 PM
  • As Saleesh mentioned, you can use an internal CA for your internal certificates, then 2 public CA certificates for your Edge and Reverse Proxy. No, you do not need to install a CA on every server; you install your CA on 1 server, which will provide certificates for all computers/users in your AD domain. You can't buy a CA; you can buy a certificate to use to publish your Lync deployment on the internet. I suggest using GoDaddy UCC Certificates, and they are cheap, just under $100. But remember you will need 2 of them!

    If this post answered your question, Mark As Answer If this post was helpful, Vote as Helpful http://lyncme.blogspot.com

    • Proposed as answer by Tim_MCP Monday, February 20, 2012 3:33 PM
    • Marked as answer by Noya Lau (Moderator) Thursday, February 23, 2012 12:47 PM
    Monday, February 20, 2012 3:33 PM
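
One way to create the certificate request both answers refer to, with the `certreq` and `certutil` tools built into Windows Server, including the multiple names a UCC certificate carries (an added example, not code from the thread). The host names are constructed placeholders, and the script assumes an elevated PowerShell session on an English-language system.

```powershell
# Added example. Host names are constructed placeholders, not values from the thread.
$subject  = 'lyncpool.example.com'
$sanNames = @('lyncpool.example.com', 'sip.example.com')

$workDir = Join-Path $env:TEMP 'lync-csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
$inf = Join-Path $workDir 'request.inf'
$req = Join-Path $workDir 'request.req'

# Subject Alternative Name extension (OID 2.5.29.17) in certreq's {text} syntax.
$sanLines  = @('2.5.29.17 = "{text}"')
$sanLines += $sanNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }

# Single-quoted lines keep "$Windows NT$" literal instead of expanding a variable.
$infBody = @(
    '[Version]'
    'Signature="$Windows NT$"'
    ''
    '[NewRequest]'
    "Subject = `"CN=$subject`""
    'KeyLength = 2048'
    'KeySpec = 1'              # AT_KEYEXCHANGE
    'KeyUsage = 0xA0'          # digitalSignature + keyEncipherment
    'MachineKeySet = TRUE'     # key lives in the computer store, not a user profile
    'Exportable = FALSE'
    'RequestType = PKCS10'
    'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"'
    'ProviderType = 12'
    ''
    '[EnhancedKeyUsageExtension]'
    'OID = 1.3.6.1.5.5.7.3.1'  # Server Authentication
    ''
    '[Extensions]'
) + $sanLines
Set-Content -Path $inf -Value $infBody -Encoding ASCII

# Generate the key pair locally and write the PKCS#10 request file.
certreq.exe -new $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the request and confirm every expected name is in it before sending it to a CA.
$dump = (certutil.exe -dump $req) -join "`n"
foreach ($name in $sanNames) {
    if ($dump -notmatch [regex]::Escape("DNS Name=$name")) {
        throw "SAN '$name' is missing from the request"
    }
}
"Request written to $req"
```

Only `request.req` is sent to the CA; the private key stays on the server that generated the request, so the issued certificate has to be installed on that same machine.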
