Lync Server 2010 Standard SSL Deployment Question
Posted on 2011-05-10
Working on deploying a Lync 2010 Standard server, and would like to keep all of the roles dedicated to just one box. While this is a supported configuration from Microsoft, I am having issues connecting to the system externally. My issue is that the internal AD domain is a ".net" extension, and the external domain is a .com, and unfortunately, we do not own the public .net domain name. This is causing an issue when it comes to our SSL certificate, because I am having to use a private internal CA to generate the .net SSL cert, and then using GoDaddy to give us the .com cert. Is this going to be possible to use both certs on the one system, and have clients connect correctly? Right now, internal connections work normally, but externally, users get "unable to verify server certificate" message from the Lync Client.
When I went through the Lync SSL wizard, I did assign the internally created cert to the server default section, and the internal web server section, and the GoDaddy cert to the external web server. If I hit https://server.domain.com:4443 from the external side, I get a "403 - Forbidden: Access is denied" message, but it does show the correct SSL cert. So at this point, I am not sure if I have something configured wrong, or if I am going about this the wrong way. Part of me is thinking that I am going to have to deploy a dedicated edge server because of the separate domains, but I am hoping to avoid that.
Currently, we have ports 80, 443, 8080, 4443, and 5061 forwarded through the firewall to the lync server. I was also unable to definitively determine which ports were needed through the firewall for Lync 2010, so if anyone can shed some light on that side, that would be helpful as well.
Please ask for any other information you may need!