Automatic Population of Invalid SAN in Certificate Request

Hi,

I'm using the Lync Deployment Certificate wizard to generate an internal cert request.

The problem I have is that when I get to the "Subject Name / Subject Alternate Names" splash screen, one of the SANs auto-populated in the list is invalid (LyncdiscoverInternal.newdomain.com). Is there a way I can remove this from the list as I don't want it featuring in the certificate? I can't work out where this list is populated from as this domain does not show up in DNS or the Lync Topology.

Many thanks

Paul

September 12th, 2013 7:32am

Paul,

lyncdiscoverinternal.[sipdomain] is a legitimate entry in the SAN. I don't recommend you remove it unless you want to do it on purpose and you understand the implications.

This is automatically populated as it was first introduced as a requirement for mobility discovery for internal clients.

The same record is now also used by Lync 2010 clients with recent updates and Lync 2013 clients as the preferred Lync pool discovery method (as opposed to using the SRV _sipinternaltls._tcp.[sipdomain]).

If for any reason you need to have full control on the SAN list on your certificate then do it manually:

either via this utility: http://blog.schertz.name/2012/01/simple-certificate-requests-in-lync/

or PowerShell: http://technet.microsoft.com/en-us/library/gg425723.as

September 12th, 2013 9:11am

Please try to republish your Topology, then run the Step1, Step2 and Step3 with Lync Server Deployment Wizard again.

Please check you didn't define an additional SIP domain in Topology.

September 13th, 2013 2:46am
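
Added example, not part of any reply above: a PowerShell sketch that maps the SANs proposed for a certificate request back to the SIP domain that produces each lyncdiscoverinternal.[sipdomain] entry, which is the check the replies point to. The function names and the sample domain list are assumptions made for illustration; on a Lync server the domain list would come from `(Get-CsSipDomain).Name` in the Lync Server Management Shell.

```powershell
# Added example. Sample data is constructed, except the SAN quoted in the question.
# Hypothetical helper: one expected internal autodiscover SAN per SIP domain.
function Get-ExpectedDiscoverySan {
    param([string[]]$SipDomain)
    foreach ($d in $SipDomain) {
        [pscustomobject]@{
            SipDomain = $d
            San       = "lyncdiscoverinternal.$d".ToLowerInvariant()
        }
    }
}

# Hypothetical helper: for each proposed SAN, name the SIP domain that explains it.
function Resolve-SanOrigin {
    param([string[]]$ProposedSan, [string[]]$SipDomain)
    $expected = @(Get-ExpectedDiscoverySan -SipDomain $SipDomain)
    foreach ($san in $ProposedSan) {
        $match = $expected | Where-Object { $_.San -eq $san.ToLowerInvariant() }
        [pscustomobject]@{
            San       = $san
            SipDomain = $(if ($match) { $match.SipDomain } else { $null })
            Origin    = $(if ($match) { 'autodiscover name for a defined SIP domain' }
                          else        { 'not derived from a listed SIP domain' })
        }
    }
}

# Constructed inputs. On a Lync server use: $sipDomains = (Get-CsSipDomain).Name
$sipDomains  = @('olddomain.example', 'newdomain.com')
$proposedSan = @(
    'pool01.olddomain.example',              # constructed pool FQDN
    'lyncdiscoverinternal.olddomain.example',
    'LyncdiscoverInternal.newdomain.com'     # the entry from the question
)

Resolve-SanOrigin -ProposedSan $proposedSan -SipDomain $sipDomains |
    Format-Table -AutoSize

# SIP domains whose autodiscover name is absent from the proposed list
$lower = $proposedSan | ForEach-Object { $_.ToLowerInvariant() }
Get-ExpectedDiscoverySan -SipDomain $sipDomains |
    Where-Object { $lower -notcontains $_.San } |
    Select-Object SipDomain, San
```

A SAN that resolves to a SIP domain here is explained by that domain being defined in the deployment, even when no matching DNS record exists.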

This topic is archived. No further replies will be accepted.
