Certificates - Have I got all the domains covered?


  • Hi everyone,

    We've just grown from a single SIP domain to having another 5; subsequently we're now going through the process of updating our external certificates, as well as soon adding mobility to the mix. I want to make sure I have all the domain names covered on new certificates so we don't have to purchase more due to an oversight.

    1. Can there be a single lyncdiscovery external record for multiple SIP domains or must there be a different one for each SIP domain and thus separate SANs in the certificate?
    2. Anyone see any issues with the below setup?

    Main SIP Domain:

    Additional SIP Domains:,,, and

    The simple URLs and external web services are going to be:, (Replace XX with country codes from additional SIP domains) and

    The edge domains are going to be:,,

    Based on the above I believe I need the following certificates:

    Reverse Proxy Certificate

    • Common Name:
    • Alternative Name:
    • Alternative Name:
    • Alternative Name:
    • Alternative Name:
    • Alternative Name:
    • Alternative Name:
    • Alternative Name:

    Edge Server Certificate

    • Common Name:
    • Alternative Name:
    • Alternative Name:

    Thanks everyone.

    March 1, 2012 6:59


All replies

  • Hey Mark

    As I can see, you have got all the names covered, except for the domain. Is this getting removed? Or are you reusing the old certificate separately?

    As for the lyncdiscover, a separate host A record should exist externally for each separate domain you have, as per below

    • Marked as answer by _MarkH_ March 1, 2012 8:47
    March 1, 2012 7:22
  • Hi Hany,

    Thanks for that. I forgot to mention we will be keeping some of the FQDNs such as, but as for others such as dialin we don't use so no need to keep it.

    It's unfortunate that the mobile clients can't be cnamed to a different domain (i.e. have and both cname to and only use the certificate for the ultimate destination).

    Thanks again Hany.

    March 1, 2012 8:47
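
Added example, not part of the thread: a check of the per-domain lyncdiscover rule from the replies above against the SAN list printed by `openssl x509 -noout -text`. The domain names and the sample certificate text are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample: the SAN extension as printed by `openssl x509 -noout -text`.
# contoso.example / fabrikam.example / tailspin.example are placeholders,
# not the domains from the thread.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:webext.contoso.example, DNS:lyncdiscover.contoso.example, DNS:LyncDiscover.Fabrikam.example
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
"""


def san_dns_names(cert_text):
    """Return the lower-cased DNS SAN entries found in openssl text output."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        if "Subject Alternative Name" in line and i + 1 < len(lines):
            entries = [e.strip() for e in lines[i + 1].split(",")]
            return {e[4:].lower().rstrip(".") for e in entries if e.startswith("DNS:")}
    return set()


def required_names(sip_domains, extra_fqdns=()):
    """One lyncdiscover.<domain> per SIP domain, plus any other published FQDNs."""
    names = {f"lyncdiscover.{d.lower().rstrip('.')}" for d in sip_domains}
    names.update(f.lower().rstrip(".") for f in extra_fqdns)
    return names


def missing_sans(cert_text, sip_domains, extra_fqdns=()):
    """Names that must be on the certificate but are not.

    Matching is exact and case-insensitive; wildcard entries are deliberately
    not counted as covering a name, so the report errs on the side of caution.
    """
    return sorted(required_names(sip_domains, extra_fqdns) - san_dns_names(cert_text))


if __name__ == "__main__":
    gaps = missing_sans(
        SAMPLE_CERT_TEXT,
        ["contoso.example", "fabrikam.example", "tailspin.example"],
        extra_fqdns=["webext.contoso.example"],
    )
    print("Missing SANs:", gaps or "none")
```

Running this against the text dump of the certificate request before purchase lists every name that would still be missing.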