I've read this on TechNet:

Microsoft Lync Server 2010 supports the use of a single public certificate for all external interfaces. The certificate's private key must be exportable, if it is used with multiple Edge Servers, and we recommend that you use an exportable key with a single Edge Server. The key must also be exportable if you request the certificate from any computer other than the Edge Server.

Exportable key is secured ???

It is recommended to keep the key exportable so that you can assign it to multiple edge servers even if you created the request just from one server. If you don't keep the key exportable, you won't be able to assign it on any edge server other than the one you created the request from.

Hi carlosdlra,

If you want to create a backup copy of the certificate or use it on another computer, you must first export the certificate and private key.

In Lync Server 2013, the OAuthTokenIssuer certificate is a global certificate, this means that the same OAuthTokenIssuer certificate needs to be used by all of the Lync Server 2013 servers.

 

Best regards,

Eric

Hi Carlosdlra,

Just to understand that you're concerned is IF the certificate can be exported, it is no longer secured?

Basically the exported certificate is usually protected with a password (usually in PFX format) - so even someone else manage to get hold of the file, they'll still need the password to import into the local certificate store.

Hope this clarifies your con