Planning an upgrade from a Lync 2010 Edge to 2013. The 2010 Edge was not configured correctly particularly with certificates. Just reviewing it now and I have a few questions. I ran a Get-CsCertificate and got the output below:
Use - Internal Subject Name is FQDN of Edge Certificate supplied by internal CA
Use - AccessEdgeExternal Subject Name is sip-edge.domain.com Public Certificate
Use - DataEdgeExternal Subject Name is webconf.domain.com Public Certificate
Use - AudioVideoAuthentication Subject Name is av.domain.com Public Certificate
The last one is what I have a concern with. Shouldn't this certificate be issued by our Internal CA, not a public certificate?
Also, from what I have been reading, the AV Edge Service is advertised in Topology builder with a public IP but it should only communicate with the Internal interface of the Edge which in turn communicates with the FE servers. How can I confirm this is what is happening? Does this just happen automatically or is there something I need to configure?