Certificate on edge

  • Question

  • I'm using a wildcard and this warning appears:

    Warning: The subject name "*.contoso.com" of the certificate does not match the computer fully qualified domain name (FQDN) "dominio.contoso.com".

    Is this a problem?


    • Edited by anersantana Tuesday, September 17, 2013 7:51 PM
    Tuesday, September 17, 2013 7:51 PM

Answers

  • Wildcard entries for the subject name (cn) are not supported in Lync 2013.

    You can use them as SANs on some roles, but I do not believe the Edge is one of those roles.


    Tuesday, September 17, 2013 9:15 PM
  • Hi Anersantana,

    Just like Bend-y and Georg said, the wildcard is not a role for Edge server.

    For Edge server external interface you must use a public certificate.

    For Edge server internal interface, it is recommended to use a private certificate from an internal CA; however, you can also use a public certificate.

    Here is a link about the certificate requirement for Edge server:

    http://technet.microsoft.com/en-us/library/gg398920.aspx

    The link about the certificate requirements for the whole Lync Server may also help:

    http://technet.microsoft.com/en-us/library/gg398066.aspx

    Best Regards,

    Eason Huang

    • Marked as answer by Kent-Huang Friday, October 4, 2013 12:21 PM
    Wednesday, September 18, 2013 6:59 AM

All replies

  • Bend-y is correct that wildcard entries are not supported at all in Lync and that the Edge server is not a role that a wildcard SAN entry is supported in.

    Wildcard SAN entry support is as follows:

    - Reverse proxy.   Wildcard SAN entry is supported for Simple URL (meet and dialin) publishing certificate.
    - Reverse proxy.   Wildcard SAN entry is supported for the SAN entries for LyncDiscover on the publishing certificate.
    - Director.   Wildcard SAN entry is supported for Simple URLs (meet and dialin) and for SAN entries for LyncDiscover and LyncDiscoverInternal in Director web components.
    - Front End Server (Standard Edition) and Front End pool (Enterprise Edition). Wildcard SAN entry is supported for Simple URLs (meet and dialin) and for SAN entries for LyncDiscover and LyncDiscoverInternal in Front End web components.
    - Exchange Unified Messaging (UM).   The server does not use SAN entries when deployed as a stand-alone server.
    - Microsoft Exchange Server Client Access server.   Wildcard entries in the SAN are supported for internal and external clients.
    - Exchange Unified Messaging (UM) and Microsoft Exchange Server Client Access server on same server.   Wildcard SAN entries are supported.

    See more here: http://technet.microsoft.com/en-us/library/hh202161.aspx


    Blog http://ucfoc.us | Twitter @georgathomas


    • Edited by Georg Thomas Tuesday, September 17, 2013 9:44 PM amended
    Tuesday, September 17, 2013 9:42 PM
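
As an added example (not part of any reply in this thread and not Microsoft tooling), the rules stated above can be written as a pre-deployment name check in PowerShell. The function name `Test-EdgeCertificateName` and its parameters are hypothetical, the sample names are constructed from the question, and the check assumes the server FQDN must appear literally as the subject name or as a SAN entry.

```powershell
# Added example: name check for a certificate intended for a Lync 2013 Edge server.
# Inputs are plain strings (subject CN and SAN DNS entries read from the certificate),
# so the check runs offline. Function and parameter names are hypothetical.
function Test-EdgeCertificateName {
    param(
        [Parameter(Mandatory)] [string] $Fqdn,         # server FQDN the certificate must cover
        [Parameter(Mandatory)] [string] $SubjectName,  # certificate subject name (CN)
        [string[]] $SubjectAltName = @()               # DNS entries from the SAN extension
    )

    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Per the thread: a wildcard subject name (CN) is not supported in Lync 2013.
    if ($SubjectName.Contains('*')) {
        $findings.Add("Subject name '$SubjectName' is a wildcard (not supported as CN)")
    }

    # Per the thread: wildcard SAN entries are supported on some roles, but not on the Edge.
    foreach ($san in $SubjectAltName) {
        if ($san.Contains('*')) {
            $findings.Add("SAN entry '$san' is a wildcard (not supported on the Edge role)")
        }
    }

    # Assumption: the FQDN must be listed literally; a wildcard that would
    # cover it is not counted, which is what the warning in the question reflects.
    $literalNames = @(@($SubjectName) + $SubjectAltName | Where-Object { $_ -notmatch '\*' })
    if ($literalNames -notcontains $Fqdn) {   # -notcontains compares case-insensitively
        $findings.Add("FQDN '$Fqdn' is not listed as subject name or SAN entry")
    }

    [pscustomobject]@{
        Fqdn     = $Fqdn
        Passed   = ($findings.Count -eq 0)
        Findings = $findings.ToArray()
    }
}

# Constructed samples: the certificate from the question, then one naming the FQDN literally.
Test-EdgeCertificateName -Fqdn 'dominio.contoso.com' -SubjectName '*.contoso.com' |
    Format-List
Test-EdgeCertificateName -Fqdn 'dominio.contoso.com' -SubjectName 'dominio.contoso.com' `
    -SubjectAltName 'dominio.contoso.com' | Format-List
```
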