登入
 
首頁文件庫學習園地下載支援社群論壇
IT 專業人員的技術資源 >
Additional front end certificate question and duration of certificate?

問題 Additional front end certificate question and duration of certificate?

  • 2012年4月28日 下午 04:51
     
     
    登入以投票
    0

    After installing my first front end on my enterprise install, I noticed that the certificate (using an internal CA) was only good for 10 months. Thought that was odd, so my first question is, is that normal and if not, what or where do I need to be looking? The certificate wizard in Lync doesn't give you any option to define time length, so what will happen 10 months from now when it expires? Autorenew or will I be regenerating certificates every 10 months?

    In installing my second front end server, I didn't find any documentation on getting that generated certificate (marked exportable and with the first server's name in SAN section) over to the first server via Lync wizard, so guessed that it needed to be done via the MMC (Certificate snapin). That seems to have worked as far as I can tell, but there were certificate exporting options (off by default) I did not choose and just wanted to make sure I was following best procedure.

    Thanks.

     

所有回覆

  • 2012年4月28日 下午 09:07
     
     
    登入以投票
    0
    Open the mmc on your CA server and add the certificate templates snap-in. Then look for the template you have used (Web server template). You can change the time duration of your template and have to configure a new template on the Lync server or create a new template with your default settings for your Lync server

    regards Holger Technical Specialist UC


     
  • 2012年4月29日 上午 02:47
     
     
    登入以投票
    0

    After I had posted the question, it dawned on me that it was probably my CA certificate that was going to expire in 10 months and that's why my generated certificates had that expire date as well. Thanks for the response anyway.

    Any comment concerning my second query concerning importing the generated certificate over to the other front end box?

     
  • 2012年4月29日 上午 10:28
     
     
    登入以投票
    0
    If your certificate include also the name of the second FE, you can export the certificate with the private key and import this certificate on the second FE.

    regards Holger Technical Specialist UC

     
  • 2012年4月29日 下午 10:50
     
     
    登入以投票
    0
    Yep, that's what I had done. Thanks for the confirmation.
     
  • 2012年4月30日 上午 09:21
    版主
     
     
    登入以投票
    0

    Hi,

    Export the certificate with private key and install it to other Lync servers in the pool is recommended. But you also can request new certificate for other each Lync FE server in the pool.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.