Hi
The problem is that for the Edge server, a wildcard certificate is not supported. You will find that things like desktop sharing, federation and some other services will either not work at all or have poor experience and reliability.
You will need to purchase a SAN certificate for the Edge server. If you are using the Single IP model, then the certificate should be like this:
Subject Name: <access-edge>.domain.com
SAN: <access-edge>.domain.com, domain.com
where <access-edge> is your Access Edge service FQDN, usually sip.domain.com.
A wildcard certificate is supported for Reverse Proxy for Lync web services only.
thanks
Hi,
Wildcard certificates are not supported in Lync Server, except where used to summarize the Simple URLs through the reverse proxy. You must define distinct subject alternate names (SANs) for each SIP domain name, Web Conferencing Edge service, A/V Edge service and XMPP domain offered by your deployment.
In the event of a pool of Edge Servers, you export the certificate with the private key to each Edge Server and assign the certificate to each Edge Server service. Do the same for the internal Edge Server certificate, exporting the certificate with the private key and assigning to each internal Edge interface.
Best Regards,
Eason Huang
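
The naming rules from both replies above can be checked before a certificate is assigned to the Edge services. The following is an added example, not code from either poster or from Microsoft; the function names `Get-CertDnsNames` and `Test-EdgeCertNames`, their parameters, and the sample names are hypothetical, and the required SAN list is whatever your deployment needs (SIP domains, Web Conferencing Edge, A/V Edge, XMPP domains).

```powershell
# Added example. Function and parameter names are hypothetical; sample names are constructed.
function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $san = @()
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($ext) {
        # Assumes the SAN extension renders as "DNS Name=..." (Windows, English)
        # or "DNS:..." (OpenSSL-style); other locales need a different pattern.
        $san = @([regex]::Matches($ext.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    New-Object PSObject -Property @{
        Subject = $Certificate.GetNameInfo('SimpleName', $false)
        San     = $san
    }
}

function Test-EdgeCertNames {
    param(
        [string]$Subject,
        [string[]]$San = @(),
        [string]$AccessEdgeFqdn,
        [string[]]$RequiredNames = @()
    )
    $findings = @()
    # Wildcards are rejected anywhere in the subject or SAN list.
    foreach ($name in (@($Subject) + $San | Select-Object -Unique)) {
        if ($name.Contains('*')) { $findings += "wildcard name not supported on Edge: $name" }
    }
    # The subject name must be the Access Edge FQDN.
    if ($Subject -ne $AccessEdgeFqdn) {
        $findings += "subject '$Subject' is not the Access Edge FQDN '$AccessEdgeFqdn'"
    }
    # The Access Edge FQDN and every other required name must be distinct SAN entries.
    foreach ($required in @($AccessEdgeFqdn) + $RequiredNames) {
        if ($San -notcontains $required) { $findings += "SAN missing: $required" }
    }
    $findings
}

# Constructed inputs: a wildcard certificate, then the Single IP layout from the thread.
Test-EdgeCertNames -Subject '*.domain.com' -San '*.domain.com' `
    -AccessEdgeFqdn 'sip.domain.com' -RequiredNames 'domain.com'
Test-EdgeCertNames -Subject 'sip.domain.com' -San 'sip.domain.com','domain.com' `
    -AccessEdgeFqdn 'sip.domain.com' -RequiredNames 'domain.com'

# Against an installed certificate (thumbprint is a placeholder):
# $n = Get-CertDnsNames (Get-Item Cert:\LocalMachine\My\<THUMBPRINT>)
# Test-EdgeCertNames -Subject $n.Subject -San $n.San -AccessEdgeFqdn 'sip.domain.com' -RequiredNames 'domain.com'
```

Each returned string is one finding; an empty result means the names match the layout described in the thread.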