locked
Skype FE Server FDQN in SAN Certificate RRS feed

  • Question

  • Is it required to have the Skype front end servers FDQN in the Skype for business certificate SANs?

    In other words, for <g class="gr_ gr_136 gr-alert gr_gramm gr_run_anim Grammar multiReplace" data-gr-id="136" id="136">a FE</g> pool named CSPOOL.CONTOSO.COM that has 2 FE servers (SRV1, SRV2), <g class="gr_ gr_99 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del" data-gr-id="99" id="99">do <g class="gr_ gr_137 gr-alert gr_tiny gr_spell gr_run_anim ContextualSpelling multiReplace" data-gr-id="137" id="137">i</g></g> need to include SRV1.CONTOSO.COM and SRV2.CONTOSO.COM in the certificate SAN


    ammarhasayen

    Sunday, July 17, 2016 8:34 AM

Answers

  • Absolutely right. you should have all the  FE Server FQDNS in the SAN entry.  More info here 

    http://social.technet.microsoft.com/wiki/contents/articles/24210.demystify-lync-2013-server-internal-certificate-requirements.aspx


    Linus || Please mark posts as answers/helpful if it answers your question.

    Sunday, July 17, 2016 10:22 AM
  • Thats all FE servers within the FE Pool.

    Means, If you have 5 FE servers in Single Pool, then you should create certificate request from the any one of the FE server with marking Certificate is Exportable and add other FE servers as SAN list.

    then get the certificate from the certificate authority and import the certificate on the same FE server where you created the certificate request.

    once the certificate imported successfully with Priviate key, you export the same certificate with Private key to apply this certificate in rest of the FE servers.

    Hope this information will be helpful to you.




    Regards, Rajukb | MCSE (Communication ), MCSA (o365) ,Certified "Lync server 2013 depth support engineer"| This posting is providedwith no warranties and confers no rights. If my reply answers your question please mark as answer/helpful if its helpful.

    • Proposed as answer by Liinus Sunday, July 17, 2016 11:14 AM
    • Marked as answer by Niko.Cheng Tuesday, July 26, 2016 1:40 AM
    Sunday, July 17, 2016 10:50 AM

All replies

  • Absolutely right. you should have all the  FE Server FQDNS in the SAN entry.  More info here 

    http://social.technet.microsoft.com/wiki/contents/articles/24210.demystify-lync-2013-server-internal-certificate-requirements.aspx


    Linus || Please mark posts as answers/helpful if it answers your question.

    Sunday, July 17, 2016 10:22 AM
  • Thats all FE servers within the FE Pool.

    Means, If you have 5 FE servers in Single Pool, then you should create certificate request from the any one of the FE server with marking Certificate is Exportable and add other FE servers as SAN list.

    then get the certificate from the certificate authority and import the certificate on the same FE server where you created the certificate request.

    once the certificate imported successfully with Priviate key, you export the same certificate with Private key to apply this certificate in rest of the FE servers.

    Hope this information will be helpful to you.




    Regards, Rajukb | MCSE (Communication ), MCSA (o365) ,Certified "Lync server 2013 depth support engineer"| This posting is providedwith no warranties and confers no rights. If my reply answers your question please mark as answer/helpful if its helpful.

    • Proposed as answer by Liinus Sunday, July 17, 2016 11:14 AM
    • Marked as answer by Niko.Cheng Tuesday, July 26, 2016 1:40 AM
    Sunday, July 17, 2016 10:50 AM
  • Hi Ammar Hasayen,

    It is required to have the SFB front end server’s FDQN in the Skype for business certificate SANs

    Here is an article for your reference, it’s similar to SFB 2015

    https://technet.microsoft.com/en-us/library/gg398094(v=ocs.15).aspx

    Best regards,

    Alice Wang


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, July 18, 2016 5:32 AM