I've searched EE and have found related articles but none answering the question I have.
I'm running into an issue with a new client that has Lync 2013. The public certificate is expiring soon (like in 4 days) and the current public certificate has the internal server name as one of the SANs. Since this is no longer allowed, I've been looking for the easiest way to get around this. I'd prefer to avoid renaming domains or creating a split-DNS zone.
I've found articles on blogs (I'll add the links below) that say that having an internal enterprise CA will allow us to set everything up without doing either of the things mentioned above as the internal certificate can have the internal server name. We do currently have an internal CA and already have a certificate from that CA assigned to the Lync internal web services.
My question is, what do we have to do to configure the internal CA certificate in a way that will allow us to remove the internal server name from the public cert and have Lync still accept the new public cert?
The client currently has 2 servers, an outside edge server and a front end server. Both are running Windows 2008 R2 SP1. I've attached pictures of the current state of the certificates on both servers.
The following articles have helped me understand this much, but I need more guidance due to my lack of knowledge of Lync servers.
(specifically, Holger's 2nd reply)
Any help is greatly appreciated. Thank you!