Planning an upgrade from a Lync 2010 Edge to 2013. The 2010 Edge was not configured correctly particularly with certificates. Just reviewing it now and I have a few questions. I ran a Get-CsCertificate and got the output below:

Use - Internal    Subject Name is FQDN of Edge   Certificate supplied by internal CA

Use - AccessEdgeExternal   Subject Name is sip-edge.domain.com  Public Certificate

Use - DataEdgeExternal    Subject Name is webconf.domain.com  Public Certificate

Use - AudioVideoAuthentication  Subject Name is av.domain.com  Public Certificate

The last one is what I have a concern with. Shouldn't this certificate be issued by our Internal CA, not a public certificate?

Also, from what I have been reading, the AV Edge Service is advertised in Topology builder with a public IP but it should only communicate with the Internal interface of the Edge which in turn communicates with the FE servers. How can I confirm this is what is happening? Does this just happen automatically or is there something I need to configure?

For upgrade from Lync Edge 2010 to Lync Edge 2013, you can refer below link

http://terenceluk.blogspot.com/2013/01/upgrading-edge-server-from-lync-server.html

Hi,

Actually you don't need to have a certificate with AV.domain.com, in OCS days we need to add a specific certificate for AV Authentication.

On the external interface, you can use a certificate with 2 names:

• sip-edge.domain.com (if possible use sip.domain.com)
• webconf.domain.com 

AV Edge Service you need to configure NAT if you are using private IPs on the Egde External Interface.

David

That's true of the A/V Conferencing Edge service but the Authentication service does. That's what I was referring to above. Anyway, I found a great article below from Jeff Schertz that answered my question and more.

http://blog.schertz.name/2009/09/more-ocs-edge-certs/