Hello all,
Deployment and DNS:
I've deployed front end, edge and reverse proxy.
On the front end: default, web internal and web external are using the same cert from the internal CA.
The edge is using 1 private IP and is NAT'd. The access edge, A/V and webconf name is sip.contoso.com. The primary SIP domain is contoso.com and the additional one (my local SIP domain) is contoso.local.
Edge internal is using a certificate with CN=edge.contoso.local from the internal CA.
Edge external and the RP are using the same certificate from DigiCert (CN=sip.contoso.com, SAN: sip.contoso.com, extweb.contoso.com, lyncdiscover.contoso.com, contoso.com).
The edge, RP and front end servers are in the same subnet. I know that is not recommended but it will work.
TMG has 1 rule: from: external, to: lyncfe.contoso.local (FE), public name: extweb.contoso.com, contoso.com, lyncdiscover.contoso.com, bridging: redirects to 8080 and 4443, listener: 80, 443 with the DigiCert public cert selected (imported from the edge external interface) on the RP public IP.
Problem:
www.testocsconnectivity.com succeeds on port 5061, but doesn't work on 443:
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
It also doesn't work on autodiscover:
Testing HTTP authentication methods for URL https://lyncdiscover.contoso.com/Autodiscover/AutodiscoverService.svc/root/user.
HTTP authentication test failed.
http://frontend FQDN/dialin and meet works, but not on https://extweb.contoso.com/dialin and meet.
Question:
- Is it possible for the RP and edge to use the same public CA certificate? (my case)
- Does the front end's web external interface have to use a public CA? I'm a little bit confused on this.
- Is my TMG configured and working properly?
- What should I do then?
Any help would be greatly appreciated! :)