External Certificate

Dear Readers,

I have the following LYNC Infrastructure:

Pool Name (lync.domain.local)

  • Lync-1.domain.local
  • Lync-2.domain.local

Note: My external domain name is xxx.com (different than the internal name "domain.local")

I'm using DNS load balancing and everything is working fine from inside. So, I'm planning to deploy an Edge server for external users.

I installed a new server on the DMZ network with 1 NIC and added the following IPs:

  • 172.16.16.3  Lync Edge Server
  • 172.16.16.4 SIP
  • 172.16.16.5 WC
  • 172.16.16.6 AV

And I opened the following ports from WAN to the DMZ Lync Server:

  • sip 443,5061
  • wc 443
  • av 443, 3478, 50,000-59,999

Also, I added the external DNS entries for sip, wc and av.

My problem is with the Edge Server certificate: I don't know what I really need to add as Subject Name and how to download the certificate that I need to install on the client computer.

February 25th, 2015 7:11am

Hi,

You can give anything as the subject name, but add the URL which is exposed externally in "Subject Alternative Names". A certificate from an internal CA server will not work. The client computer does not need to install the certificate.

Please mark as answered if it answers your question.

February 25th, 2015 7:33am

Edge must have 2 NICs and that's the best practice and recommendation. You need to have 2 different IP subnets configured on the internal interface and the external interface. If you keep the current configuration, it will result in unexpected behaviour when calls are routed over the Edge.

As for the certificate, you need to have the subject name as sip.domain.com and SAN records as,

sip.domain.com (FQDN of the access edge that you configure in topology)

webcon.domain.com (the FQDN that you configure for web conferencing Edge that you configure in topology)

domain.com (oAuth)

Those are the records for Edge external services.

February 25th, 2015 9:08am
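
An added example, not part of the thread or any poster's reply: a Python check that a certificate's SAN list covers the external FQDNs listed in the answer above. It takes the dict shape returned by `ssl.SSLSocket.getpeercert()`; the sample certificate is constructed, the function names are this example's own, and the single-label wildcard rule goes beyond what the thread discusses.

```python
import socket
import ssl

# FQDNs from the answer above (the thread's example names, not a real deployment).
REQUIRED = ("sip.domain.com", "webcon.domain.com", "domain.com")

def san_dns_names(cert):
    """DNS entries of subjectAltName from a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return False

def missing_names(cert, required=REQUIRED):
    """Required FQDNs no SAN entry covers; the subject CN is deliberately ignored."""
    sans = san_dns_names(cert)
    return [h for h in required if not any(name_matches(p, h) for p in sans)]

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live certificate; the chain must validate against public roots."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name coverage is checked by missing_names()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: the apex name appears only in the subject CN, not in the SAN list.
SAMPLE_CERT = {
    "subject": ((("commonName", "domain.com"),),),
    "subjectAltName": (("DNS", "sip.domain.com"), ("DNS", "webcon.domain.com")),
}

if __name__ == "__main__":
    print("missing:", missing_names(SAMPLE_CERT))
```

`fetch_cert` fails with an `ssl.SSLCertVerificationError` when the chain does not lead to a publicly trusted root, so a certificate issued by an internal CA is caught before the name check runs.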

Hi,

1. It is supported to use two NICs for Edge Server, one for external interface and the other for internal interface.

2. You can refer to the following link to add SN and SAN for Edge external and internal interface certificate:

https://technet.microsoft.com/en-us/library/gg398519.aspx

3. Please open the needed ports for both Edge internal and external interface with the following link:

https://technet.microsoft.com/en-us/library/gg425891.aspx

Best Regards,
Eason Huang

February 26th, 2015 10:47am

This topic is archived. No further replies will be accepted.
