Request Certificates in Advance (Optional)
Topic Last Modified: 2010-11-02
Certificates are required for all internal servers that are running Microsoft Lync Server 2010, including each Enterprise Edition Front End Server, Standard Edition server, Director, stand-alone A/V Conferencing Server, and stand-alone Mediation Server. Although an internal enterprise certification authority (CA) is recommended for internal servers, you can also use a public CA. For details about certificate requirements and about the use of a public CA, see Certificate Requirements for Internal Servers in the Planning documentation.
Lync Server 2010 setup includes the Certificate Wizard, which facilitates the tasks of requesting, assigning, and installing certificates during deployment. If you want to request certificates prior to installing servers (for instance, to save time during actual deployment of servers), you can do so by using a computer on which the Lync Server 2010 administrative tools are installed or by using a certificate request procedure defined in your organization, as long as you ensure that the certificates are exportable and contain all the required subject alternative names. Requesting certificates in advance is optional; if you do not request them in advance, you must request them as part of the setup of each server that requires a certificate.
This Deployment documentation provides procedures for using the Certificate Wizard to request certificates as part of the setup process, as described in the Configure Certificates for Front End Servers, Configuring Certificates for Standard Edition Servers, Configure Certificates for the Director, Configure Certificates for Stand-alone A/V Conferencing Servers, and Install the Files for Mediation Server sections of this Deployment documentation. If you request certificates in advance, you must modify the certificate deployment procedures in those sections as appropriate to importing and assigning the certificates instead of requesting them at the time of deployment.
Note
Lync Server 2010 includes support for SHA-256 certificates for connections from clients running the Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7 operating systems, and Microsoft Lync 2010 Phone Edition. To support external access using SHA-256, the external certificate is issued by a public CA using SHA-256.