Certificate reqrement for Lync 2013

Hello,

We are gonna deploy Lync 2013. I need to know can we remove any SAN Fqdns from the below list ?

webapp.contoso.com
webext.contoso.com
access.contoso.com
webcon.contoso.com
dialin.contoso.com
meet.contoso.com
sip.contoso.com
lyncdiscover.contoso.com
lyncdiscoverinternal.contoso.com
Kanchana_SilvaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Patrick BogersDatacenter platform engineer LindowsCommented:
Hi,

Sure you can, contoso.com is an example domain owned by Microsoft for training purposes.
Try browsing to any one of them and find yourself ending up at Microsoft.

Those records are meaningless.
0
Kanchana_SilvaAuthor Commented:
I replaced my company domain name with the contoso.com as example.
0
Patrick BogersDatacenter platform engineer LindowsCommented:
ok understood.

On this link is explained what each SAN is used for, you need to figure out what is applicable in your situation.
0
Jeff_SchertzCommented:
This article clearly explains how each of the FQDNs are utilized in Lync Server, and I suggest reading through it: http://blog.schertz.name/2012/07/lync-edge-server-best-practices

You cannot use a single certificate for all Lync server roles, you'll need to at minimum get three certificates for a standard deployment of a single Standard Edition Front End Server, a single Edge Server, and a single Reverse Proxy server.  Although not best practice you can bundle the external Edge and Reverse Proxy roles into a single Public certificate, but you will still need a second certificate for the internal Edge interface and a third certificate for the internal Front-End Server.

Depending on your configuration and desired feature-set it could be different.  There is no single answer to this basic question that applies to all.

The access.contoso.com is entirely optional and can be skipped as you can also access the Lync Server Control Panel from the same FQDN used for the internal Web Services, it is redundant.

The webapp.contoso.com FQDN is also a duplicate as for a Standard Edition server the server's own FQDN would be used as the internal Web Services FQDN.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kanchana_SilvaAuthor Commented:
Hello jeff,

I am asking about external Publish.

Should we add Webapp.contoso.com for External Presentation sharing ?

We should add access.contoso.com because its the FQDN of Access Edge. ?

Regards
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Chat / IM

From novice to tech pro — start learning today.