Hello my Customer have Install his certificate to the Lync 2013 Server certificate console when he import the default certificate it is work with a green checkmark. But when he import OAuthTokenIssuer the check mark do not appear why?

 

• Edited by sdechene73 Wednesday, January 28, 2015 8:22 PM

Also, if you click the assign button, do you see the certificate listed that you want?  Ensure that the root certification authority is in the Trusted Root Certification Authorities section of the computer certificates storage, intermediates are in the Intermediate Certification Authorities section, and that you can confirm the private key is installed.

Ok now my costumer have these two certificate with a green check mark. But we have another problem when de Service Lync Server Front End start we got this error:

Lync Server machine FQDN cannot be located in the default certificate.

<u5:p> </u5:p>

Machine FQDN: 'E02SVSLYNCFE1.domain.ca'.

Cause: This is a configuration problem.

Resolution:

Make sure the default certificate matches the machine FQDN.

Any ideas?

Was the certificate purchased from a Third-Party or issued from an Internal CA?

If you look at the certificate SAN list, the required entry: 'E02SVSLYNCFE1.domain.ca' is missing. If issued from a Third-Party, internal domains are no longer supported like .local. https://www.digicert.com/internal-names.h

Hello my costumer tell me the OAuth certificate is an internal certificate ans the other is provide by GlobalSign.

Expand the Default Certificate in the certificate wizard and assign the GlobalSign cert to only the Web Services External, select default and Web Services Internal and request a new certificate from the Internal Certificate Authority, install and assign.

Or install the GlobalSign certificate on the Reverse Proxy and use an Internal CA cert for all of the services under default certificate.