Skype for business 2015 Edge Server SSL Certification Failure
Anyone had the issue when deployed SFB 2015 edge server with single external IP and NAT enabled I get an SSL Certification error from https://testconnectivity.microsoft.com The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server skype.gendac.co.za on port 443. I am using a wildcard Certificate and all services are running on my edge server. Any suggestions?
August 17th, 2015 4:15am

Hi

The problem is that for the Edge server, a wildcard certificate is not supported. You will find things like desktop sharing, federation and some other services will either not work at all, or have poor experience and reliability.

You will need to purchase a SAN certificate for the edge server. If you are using the Single IP model then the certificate should be like this

Subject Name: <access-edge>.domain.com

SAN: <access-edge>.domain.com, domain.com

Where <Access-edge> is your access edge service FQDN, usually sip.domain.com

A wildcard certificate is supported for Reverse Proxy for Lync web services only.

thanks

Free Windows Admin Tool Kit Click here and download it now
August 17th, 2015 4:35am

Hi,

Wildcard certificates are not supported in Lync Server, except where used to summarize the Simple URLs through the reverse proxy. You must define distinct subject alternate names (SANs) for each SIP domain name, Web Conferencing Edge service, A/V Edge service and XMPP domain offered by your deployment.

In the event of a pool of Edge Servers, you export the certificate with the private key to each Edge Server and assign the certificate to each Edge Server service. Do the same for the internal Edge Server certificate, exporting the certificate with the private key and assigning to each internal Edge interface.

Best Regards,
Eason Huang

August 18th, 2015 3:35am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics