locked
Director external Certificate RRS feed

  • Question

  • If we plan to add director for external auth.

    We need add one more SAN for dir01.contoso.com

    like below: 

    dir01.contoso.com

    web01.contoso.com

    lyncdiscover.contoso.com

    Or only publish dir01.contoso.com can replace front end web services web01.contoso.com?

    Thanks.

    Friday, October 20, 2017 2:30 PM

Answers

  • Hi,

    Your Director needs to having the FQDN of the server or pool, and all your simple URL's, so you're a little off.

    Run the Certificate wizard and it will take care of this for you.

    You might want to reconsider adding a Director to your environment. The Director role is being dropped in Skype for Business Server 2019. I see little point in introducing a component to an environment that will only need to be removed should you upgrade to Skype for Business Server 2019 next year.

    Kind regards
    Ben


    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems.

    • Marked as answer by JohnHK215 Monday, October 23, 2017 10:38 AM
    Friday, October 20, 2017 4:03 PM
  • Hi Mick,

    Agree with Ben, You need to add following SANs or use a wildcard certificate for Director.

    Web internal

    FQDN of the server

    Each of the following:

    • Internal web FQDN (which is the same as the FQDN of the server)
    • Server FQDN
    • Skype for Business pool FQDN

    AND

    • Meet simple URLs
    • Dial-in simple URL
    • Admin simple URL

    OR

    • A wildcard entry for the simple URLs

    Web external

    FQDN of the server

    Each of the following:

    • External web FQDN

    AND

    • Meet simple URLs per SIP domain
    • Dial-in simple URL

    OR

    • A wildcard entry for the simple URLs

    You could refer to the following link(find the topic : Certificates for the Director:)

    https://technet.microsoft.com/en-us/library/dn933910.aspx#Certificates


    Best Regards,

    Leon-Lu
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Monday, October 23, 2017 6:48 AM

All replies

  • Hi,

    Your Director needs to having the FQDN of the server or pool, and all your simple URL's, so you're a little off.

    Run the Certificate wizard and it will take care of this for you.

    You might want to reconsider adding a Director to your environment. The Director role is being dropped in Skype for Business Server 2019. I see little point in introducing a component to an environment that will only need to be removed should you upgrade to Skype for Business Server 2019 next year.

    Kind regards
    Ben


    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems.

    • Marked as answer by JohnHK215 Monday, October 23, 2017 10:38 AM
    Friday, October 20, 2017 4:03 PM
  • Ok, so , Director is not totally replace external web service? We need add one more SAN for Director? Thanks.
    Saturday, October 21, 2017 7:24 AM
  • Hi Mick,

    Agree with Ben, You need to add following SANs or use a wildcard certificate for Director.

    Web internal

    FQDN of the server

    Each of the following:

    • Internal web FQDN (which is the same as the FQDN of the server)
    • Server FQDN
    • Skype for Business pool FQDN

    AND

    • Meet simple URLs
    • Dial-in simple URL
    • Admin simple URL

    OR

    • A wildcard entry for the simple URLs

    Web external

    FQDN of the server

    Each of the following:

    • External web FQDN

    AND

    • Meet simple URLs per SIP domain
    • Dial-in simple URL

    OR

    • A wildcard entry for the simple URLs

    You could refer to the following link(find the topic : Certificates for the Director:)

    https://technet.microsoft.com/en-us/library/dn933910.aspx#Certificates


    Best Regards,

    Leon-Lu
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Monday, October 23, 2017 6:48 AM