Reduce names in certificate

Hi!

For various reasons my customer must use a public certificate for the pool. When running the wizard, lyncdiscover for each of the domains is added, even though this is an internal certificate only. Do we really need those names in the certificate for internal usage? Can we also skip the simple URL names in the internal certificate? All those addresses are pointing to the load balancer.

-UC

January 7th, 2014 11:33am

I'm presuming the various reasons include computers not on the domain (Mac) for which it would be a pain to install a trusted cert to each one.  Otherwise, I've gone so far as to install a standalone non-enterprise cert authority on the Lync server itself and made domain computers trust it.  A terrible practice that I would never recommend, but it's the most I could get a client to agree to once.

You may have trouble doing this from the Lync GUI.  Can you generate the cert, but remove SANs on the third party certificate website to meet your requirements?  If not, you may have to generate the certificate using a command line.  Why would you not want those SANs?  Is it a cost issue? 

January 7th, 2014 9:33pm

In answer to the lyncdiscover entry requirement, this would be a requirement for internal mobile devices and devices leveraging the Lync Store app.

Kind regards
Ben

January 7th, 2014 11:42pm

Good point, Ben, I glossed over that.  There are situations where you'd need this URL internally.
January 8th, 2014 12:30am

Wildcard SAN entry is supported for simple URLs in Front End web components.

The DNS requirements for simple URLs depend on the simple URL option you choose.

You can check it at http://technet.microsoft.com/en-us/library/gg425874.aspx

January 8th, 2014 10:52am
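An added example, not part of any post in this thread and not Microsoft code: before trimming SANs from the public certificate, list the names internal clients will connect to (pool FQDN, lyncdiscover per SIP domain, simple URLs) and check which ones the reduced SAN list still covers. It assumes generic TLS leftmost-label wildcard matching; the domains, pool name and SAN list are constructed, and the thread only confirms wildcard support for simple URLs.

```python
# Added example: all hostnames and SAN entries used with these helpers
# are constructed sample values, not taken from the thread.

def san_matches(san: str, host: str) -> bool:
    """Return True if one SAN entry covers one hostname.

    Assumption: wildcard handling follows common TLS client behaviour,
    where "*" stands for exactly one leftmost label.
    """
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]  # "*.example.com" -> ".example.com"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]
    # One label only: meet.example.com matches, a.b.example.com and the
    # bare example.com do not.
    return bool(left) and "." not in left


def required_names(pool_fqdn, sip_domains, simple_url_hosts):
    """Names an internal client may request from the pool certificate."""
    names = [pool_fqdn]
    names += [f"lyncdiscover.{d}" for d in sip_domains]
    names += list(simple_url_hosts)
    return names


def uncovered(required, sans):
    """Hostnames that no SAN entry covers (these would fail validation)."""
    return [h for h in required if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    needed = required_names(
        "pool01.corp.example.com",                    # constructed pool FQDN
        ["example.com", "example.net"],               # constructed SIP domains
        ["meet.example.com", "dialin.example.com"],   # constructed simple URLs
    )
    reduced_sans = ["pool01.corp.example.com", "*.example.com"]
    for name in uncovered(needed, reduced_sans):
        print("not covered:", name)
```

A wildcard for one domain does not cover lyncdiscover for a second SIP domain, which is the kind of gap this check surfaces before the certificate is ordered.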

This topic is archived. No further replies will be accepted.
