Certificate renewal request

  • Question

  • We have 4 Lync 2010 FE servers in an Enterprise Pool and need to renew certificates. Do we need to generate a certificate renewal request on all 4 servers separately and then assign it to them, or can we generate the renewal request from one server and assign the same certificate to the remaining 3 servers?
    Thursday, August 31, 2017 6:39 AM

Answers

  • If it's an internal certificate authority, I'd suggest a different cert per server as each will need the server's FQDN.  That said, they can all use the same cert as long as the cert has all the individual server FQDNs listed as SANs.  You'll need to add these manually. 

    • Proposed as answer by Alice-Wang Friday, September 1, 2017 2:22 AM
    • Marked as answer by Striker11 Friday, September 1, 2017 5:10 AM
    Thursday, August 31, 2017 8:29 PM
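
One way to check the point made in the answer above before assigning a single certificate to every Front End server, as an added example that is not part of the original thread: the function returns the required FQDNs that the certificate does not carry. The host names and file path are constructed placeholders, and Windows PowerShell 4.0 or later is assumed for the `DnsNameList` property.

```powershell
# Added example. Host names and the file path are constructed placeholders.
# Assumes Windows PowerShell 4.0 or later (for the DnsNameList property).

function Get-MissingCertNames {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string[]]$RequiredNames
    )
    # DNS names the certificate carries, lower-cased for comparison.
    $present = @(foreach ($d in $Certificate.DnsNameList) {
        $d.Unicode.ToLowerInvariant()
    })

    # Return every required name that has no exact match in the certificate.
    $RequiredNames | Where-Object { $present -notcontains $_.ToLowerInvariant() }
}

# Pool FQDN plus each Front End server FQDN (placeholders).
$required = @(
    'pool01.contoso.test',
    'fe01.contoso.test',
    'fe02.contoso.test',
    'fe03.contoso.test',
    'fe04.contoso.test'
)

# Certificate exported without its private key, for inspection only.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList 'C:\temp\pool-cert.cer'

$missing = @(Get-MissingCertNames -Certificate $cert -RequiredNames $required)
if ($missing.Count -eq 0) {
    Write-Output "All $($required.Count) names are present; expires $($cert.NotAfter)."
} else {
    Write-Output "Missing from certificate: $($missing -join ', ')"
}
```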

All replies

  • In fact, you can generate the renewal request from one server and assign the same certificate to the remaining 3 servers, because all servers in an Enterprise pool use exactly the same certificate (note: the certificate already contains all the necessary names: the pool name and the different server names).

    No need to request for all 4 servers separately. 

    Friday, September 1, 2017 1:28 AM
  • Hi Striker11,

    Regarding this certificate issue, I agree with Anthony; you need to renew the certificate for each Front End server in the SFB pool.

    As a supplement, I will share a document about how to renew the certificate for your SFB server:

    https://blogs.technet.microsoft.com/uclobby/2013/09/16/renewing-lync-server-20102013-certificates/


    Regards,

    Alice Wang

    Friday, September 1, 2017 2:32 AM
  • Thanks Anthony, Matrix and Alice for your responses. I am going to generate the cert request from one server and will add the FQDNs of all FE servers in the pool as SANs.
    Friday, September 1, 2017 5:12 AM
  • You are welcome

    Regards,

    Alice Wang

    Friday, September 1, 2017 5:18 AM