LYNC 2010: Frontend server mentioned in Public certificate

Hi,

We have a common public certificate configured on the LYNC 2010 pool, on the internal web farm and on the external web farm as well.

Also, the pool name and the internal web farm name are the same, and the external web farm name is lyncwebext.domain.com. We have 6 frontend servers behind the pool name.

Meet, lyncadmin,

In the public certificate, all the frontend servers' FQDNs are mentioned. The subject name is the pool name.

What is the impact of mentioning the Frontend servers' FQDNs in the public SAN certificate?

What is the impact if we have the same pool name and internal web farm name?

What is the impact if the certificate used for the external web farm has the pool FQDN as its subject name?

August 31st, 2015 3:19pm

1) What is the impact of mentioning the Frontend servers' FQDNs in the public SAN certificate?

There is no impact really other than you've exposed some internal server names, but in terms of security risk I would imagine that's very very very low. If the FQDN isn't a domain you own publicly or can't have on a certificate, for example domain.local, you might have an issue. Otherwise I wouldn't worry about impact other than added cost for the additional SANs.

2) What is the impact if we have the same pool name and internal web farm name?

The impact is in how you load balance it.  Web services can't use DNS load balancing.  If you have the same name for internal web services and the pool name, and you have those 6 front end servers, you'll be forced to use hardware load balancing for the pool itself.  I would suggest separating them, using DNS load balancing for the Pool FQDN and HLB for the web services.  In my experience, the failover when a server dies is a bit nicer this way.

3) What is the impact if the certificate used for the external web farm has the pool FQDN as its subject name?

None, other than cost and you exposed an FQDN you didn't really need to.  But the security risk is again low, knowing the name of a server doesn't give a hacker much, and finding out server names if they did have access anyway would be trivial. 

August 31st, 2015 3:42pm
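
An added example, not part of the original thread or either poster's code: a PowerShell check of a certificate's SAN list against the three points discussed in the answer above. The function names, the `pool01`/`fe0x` host names and the sample SAN list are constructed for illustration, and `Get-CertSanDnsName` assumes an English-language Windows where SAN entries are formatted as `DNS Name=...`.

```powershell
# Added example. Function names, pool01/fe0x host names and the SAN list are constructed.
function Get-CertSanDnsName {
    # Returns the DNS entries of a certificate's Subject Alternative Name extension.
    # Assumes English-language Windows, where entries format as "DNS Name=...".
    param([Parameter(Mandatory=$true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return }
    $san.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLowerInvariant() }
    }
}

function Test-LyncSanList {
    param(
        [Parameter(Mandatory=$true)][string[]]$SanName,
        [Parameter(Mandatory=$true)][string]$PoolFqdn,
        [Parameter(Mandatory=$true)][string]$InternalWebFqdn,
        [string[]]$FrontEndFqdn = @(),
        [string[]]$NonPublicSuffix = @('.local')  # the answer's domain.local case
    )
    $names = $SanName | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
    foreach ($name in $names) {
        $finding = 'ok'
        if ($name -notmatch '\.' -or ($NonPublicSuffix | Where-Object { $name.EndsWith($_) })) {
            $finding = 'not a publicly owned name; a public CA may not issue it'
        } elseif ($FrontEndFqdn -contains $name) {
            $finding = 'individual Front End server name exposed'
        }
        New-Object PSObject -Property @{ Name = $name; Finding = $finding }
    }
    if ($PoolFqdn -eq $InternalWebFqdn) {
        New-Object PSObject -Property @{ Name = $PoolFqdn
            Finding = 'pool and internal web farm share a name: pool needs hardware load balancing' }
    }
}

# Constructed sample; lyncwebext.domain.com is the external web farm name from the thread.
$sans = 'pool01.domain.com', 'lyncwebext.domain.com', 'meet.domain.com',
        'fe01.domain.com', 'fe02.domain.local'
Test-LyncSanList -SanName $sans -PoolFqdn 'pool01.domain.com' `
    -InternalWebFqdn 'pool01.domain.com' `
    -FrontEndFqdn 'fe01.domain.com', 'fe02.domain.local' |
    Format-Table Name, Finding -AutoSize

# Against an installed certificate (thumbprint is a placeholder):
# $cert = Get-Item 'Cert:\LocalMachine\My\<THUMBPRINT>'
# Test-LyncSanList -SanName (Get-CertSanDnsName $cert) -PoolFqdn ... -InternalWebFqdn ...
```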

This topic is archived. No further replies will be accepted.
