none
Lync certificates Front End / Publishing, are they the same?

    質問

  • Hello everyone,

    I'm about to deploy Lync mobility in a few days, and Im hoping someone could help me with my simple question:

    The Lync servers consists of 1 Lync FE and 1 Edge and a TMG for publishing Lync services.

    1.) My client uses digicert for all Lync certificates, my question is.. are the certificates being used by the Front end server the same certificate used by the publishing rule in TMG?

    2.) If no, so for Lync mobility setup, I need to create two CSRs for digicert?

    Thanks! This would help me a lot!

    2012年5月23日 15:45

回答

  • Hi,

    1. No, we cannot use a same certificate for both Front End Server and Reverse Proxy.

    2. Yes, you have to create two CSRs for digicert  in order to add subject alternative name entry into Front End Pool Certificate and Reverse Proxy Certificate.

    Regards,

    Kent

    • 回答の候補に設定 Kent-Huang 2012年5月31日 3:05
    • 回答としてマーク Kent-Huang 2012年6月1日 10:10
    2012年5月24日 9:15

すべての返信

  • you must "extend " the certificate used in TMG with  lyncdiscover.<sipdomain>

    and normaly you will have to extend the "private" certificates of your FE with lyncdiscover and lyncdiscoverinternal.<sipdomain>. After You install the Mobility service, the certificate wizard  will automaticaly set it in the certificate.

    Rgds

    JMF

    2012年5月24日 9:10
  • Hi,

    1. No, we cannot use a same certificate for both Front End Server and Reverse Proxy.

    2. Yes, you have to create two CSRs for digicert  in order to add subject alternative name entry into Front End Pool Certificate and Reverse Proxy Certificate.

    Regards,

    Kent

    • 回答の候補に設定 Kent-Huang 2012年5月31日 3:05
    • 回答としてマーク Kent-Huang 2012年6月1日 10:10
    2012年5月24日 9:15
  • Did your client pay digicert certificates also for internal servers (Frontend?) and not only for Edge and TMG?

    Why not installing an internal CA to provide certificate for the internal servers? 

    2012年5月24日 9:28