Lync Client Authentication

    Question

  • How is a Lync client creating a certificate for itself for authentication? The CA authenticates it, but then why is it not shown in the server certificate manager?
    Friday, February 04, 2011 12:28 PM

All replies

  • The Lync client does not create a certificate for itself. The client validates the server certificate in order to make a secure connection to the server. You should see the CA that issued the server's certificate in the client's trusted root CA store in the computer certificates MMC.

    Mark


    Mark King | MVP: Lync Server | MCTS:UC Voice | MCSE: Messaging | MCITP:Enterprise Messaging | www.unplugthepbx.com
    • Proposed as answer by kshah1999 Friday, February 11, 2011 12:21 AM
    Sunday, February 06, 2011 3:22 PM
  • If the client doesn't create a certificate, then how does it validate with the server? The CA root certificate is there in the Trusted Root CA store, but how does the server identify the client without the certificate?
    Monday, February 07, 2011 5:45 AM
  • The server has a certificate issued by a Certificate Authority. The client trusts that certificate authority. Just as when you go to an HTTPS web site from your bank or any other secure connection, you make a request to the server, which provides you with a certificate from a CA that you trust, and therefore you create a secure connection.
    Mark King | MVP: Lync Server | MCTS:UC Voice | MCSE: Messaging | MCITP:Enterprise Messaging | www.unplugthepbx.com
    • Proposed as answer by kshah1999 Friday, February 11, 2011 12:21 AM
    Monday, February 07, 2011 8:27 PM
  • Hi there,

    I would like to add that the Lync server issues client-based user certificates for each user that signs in to Lync.

    These certificates are especially useful when signing in from phone devices, so although you can disable Lync from issuing client certificates, it is not recommended since you will encounter problems with the Lync devices.

     

    regards, 


    Wednesday, February 09, 2011 11:21 AM
  • Hello,

     

    Agreed with Charbel on this matter. Especially Lync-certified phones like the Polycom CX600 require a valid certificate from a CA or third-party CA. So it's recommended to keep your certificate enabled.

     


    Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/
    Wednesday, February 09, 2011 12:08 PM
  • Hello,

     

    If you open certmgr.msc on the client side, you'll see a certificate for each user who has made a valid logon on this client PC; the certificate is issued by the communication server.

    Ahmad Samir
    • Proposed as answer by Jexo Sunday, September 04, 2011 11:50 AM
    Sunday, August 07, 2011 8:19 PM
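
The certmgr.msc check described in the last reply, scripted as an added example that is not part of the original thread: it lists the certificates in the signed-in user's Personal store whose issuer matches the server-issued pattern, with validity, key usage and private-key status. The issuer string "Communications Server", the parameter names and the 14-day warning window are assumptions; Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): inventory server-issued Lync client
# certificates in the current user's Personal store (Cert:\CurrentUser\My),
# the same store certmgr.msc shows under Personal > Certificates.
# Assumption: the issuer name contains "Communications Server"; change
# -IssuerPattern if certmgr.msc shows a different issuer in your deployment.
param(
    [string]$IssuerPattern = 'Communications Server',
    [int]$WarnDays = 14   # flag certificates that expire within this many days
)

$now     = Get-Date
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$report = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like "*$IssuerPattern*" } |
    ForEach-Object {
        $cert = $_

        # Enhanced Key Usage entries; fall back to the raw OID when no name is known.
        $eku = @($cert.Extensions |
            Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { if ($_.FriendlyName) { $_.FriendlyName } else { $_.Value } })

        if     ($cert.NotAfter  -lt $now)                    { $status = 'Expired' }
        elseif ($cert.NotBefore -gt $now)                    { $status = 'NotYetValid' }
        elseif ($cert.NotAfter  -lt $now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        else                                                 { $status = 'OK' }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotBefore     = $cert.NotBefore
            NotAfter      = $cert.NotAfter
            Status        = $status
            # Without the private key the certificate cannot be used to authenticate.
            HasPrivateKey = $cert.HasPrivateKey
            EKU           = $eku -join ', '
            Thumbprint    = $cert.Thumbprint
        }
    }

if ($report) {
    $report | Sort-Object NotAfter | Format-List
} else {
    Write-Output "No certificates with an issuer matching '$IssuerPattern' in Cert:\CurrentUser\My."
}
```

Run it in the session of the user being checked, since the store is per-user; a shared PC will show one entry per user only when run under each account.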