locked
Wildcard Certificate RRS feed

  • Question

  • I'm trying to find out if its possible to use a wildcard certificate on the Lync Edge server's External Interface.   OR maybe a better question would be if i use the wildcard what will break?  Like I've read the auto configuration will not work, etc.  Looking to get away from having so many certs....

    Thursday, January 8, 2015 2:34 PM

Answers

  • Agreed it's not supported. From memory the Edge service's don't start. Having said that yes, you can try it and if it doesn't work - simply Assign the correct certs without issue. You shouldn't have any issues with changing certs.

    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter @georgathomas
    Lync Edge Port Check (Beta)

    This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Ben Donaldson Thursday, January 8, 2015 5:03 PM
    • Marked as answer by quadman101 Thursday, January 8, 2015 8:28 PM
    Thursday, January 8, 2015 4:40 PM

All replies

  • Hi,

    As far as i know Lync Edge server external interface will not support Wild card certificate. only the reverse proxy will support the Wild card certificate.

    http://technet.microsoft.com/en-in/library/hh202161.aspx


    Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.


    • Edited by Raju_raju Thursday, January 8, 2015 2:53 PM
    • Proposed as answer by Ben Donaldson Thursday, January 8, 2015 5:03 PM
    Thursday, January 8, 2015 2:50 PM
  • Raju, 

    thanks for the response and I've looked at that document as well... I guess i'm wondering tho, even tho its not supported will it work, with limited functionality???   Or if i install the wildcard and test, can i easily put the working cert back on or doesn't lync like you messing with the certs???

    Thursday, January 8, 2015 3:09 PM
  • Agreed it's not supported. From memory the Edge service's don't start. Having said that yes, you can try it and if it doesn't work - simply Assign the correct certs without issue. You shouldn't have any issues with changing certs.

    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter @georgathomas
    Lync Edge Port Check (Beta)

    This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Ben Donaldson Thursday, January 8, 2015 5:03 PM
    • Marked as answer by quadman101 Thursday, January 8, 2015 8:28 PM
    Thursday, January 8, 2015 4:40 PM
  • In addition, I believe this is because the SAN is queried on the certificate rather than just the subject / common name, which would naturally be absent on a wild card certificate.

    Kind regards
    Ben


    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems or queries.

    Lync | Skype | Blog: Gecko-Studio

    Thursday, January 8, 2015 4:52 PM
  • Hi,

    It's not supported as others said but the Edge services will start fine.

    There could be intermittent problems related to the wildcard, very hard to pinpoint to a certificate issue, like having just a single federation partner not working (you will assume everyone else works fine so it's a partner issue, not yours).

    Try it... see if it works in your case, if it doesn't just keep a note somewhere... any edge issues, check certificate first :)


    Hugo Picão
    MCIPT:Lync 2010 / MCITP:EA / MCTS:OCS / MCTS:W2K8 / MCSE: 2003
    My Blog

    Friday, January 9, 2015 10:56 AM