Configure Certificates for Stand-alone A/V Conferencing Servers
Topic Last Modified: 2011-10-28
When you run the Certificate Wizard, ensure that you are logged in using an account that is a member of a group that has been assigned the appropriate permissions for the type of certificate template you will use. By default, a Lync Server certificate request will use the Web Server certificate template. If you use an account that is a member of the RTCUniversalServerAdmins group to request a certificate using this template, verify that the group has been assigned the Enroll permissions required to use that template.
To successfully complete this procedure, you should be logged on to the computer where the Lync Server Deployment Wizard is installed as a user who is a member of the RTCUniversalServerAdmins group or who has been delegated the correct user rights. For details, see Delegate Setup Permissions. Depending on your organization and requirements for requesting certificates, you may require other group memberships. Consult with the group that manages your public key infrastructure (PKI) certification authority (CA).
Each stand-alone Audio/Video (A/V) Conferencing Server requires a single default certificate. For details about the certificate requirements, see Certificate Requirements for Internal Servers.
Use the following procedure to configure the A/V Conferencing Server certificate. Repeat the procedure for each A/V Conferencing Server.
The steps of this procedure describe how to configure a certificate from an Internal Enterprise Root CA deployed by your organization. For details about obtaining certificates from an external CA, contact your IT department.
Configure the certificate for a stand-alone A/V Conferencing Server
Log on to the computer where the Lync Server Deployment Wizard is installed as a member of the RTCUniversalServerAdmins group or with the necessary user rights as described in Delegate Setup Permissions.
On the Microsoft Lync Server 2010 – Deployment Wizard page, next to Step 3: Request, Install or Assign Certificates, click Run.
On the Certificate Wizard page, click Request.
On the Certificate Request page, click Next.
On the Delayed or Immediate Requests page, select Send the request immediately, and then click Next.
On the Choose a Certification Authority (CA) page, in the list, click the internal Windows certification authority that you want, and then click Next.
On the Certification Authority Account page, enter alternate credentials to be used if the account you are logged on with does not have sufficient authority to request the certificate, and then click Next.
On the Specify Alternate Certificate Template page, click Next.
On the Name and Security Settings page, enter a Friendly Name.
In the Key bit length list, click the key bit length, and then click Next.
On the Organization Information page, optionally specify organization information, and then click Next.
On the Geographical Information page, optionally specify geographical information, and then click Next.
On the Subject Name / Subject Alternative Names page, review the subject name and subject alternative names to ensure that you have the proper server fully qualified domain names (FQDNs) listed, and then click Next.
There are no required entries for A/V Conferencing Servers.
On the SIP Domain setting page, select Configured SIP Domains for all SIP domains in your deployment, and then click Next.
On the Configure Additional Subject Alternative Names page, add any additional required subject alternative names, and then click Next.
On the Certificate Request Summary page, click Next.
On the Executing Commands page, click Next.
On the Online Certificate Request Status page, click Finish.
On the Certificate Assignment page, click Next.
On the Certificate Assignment Summary page, click Next.
On the Executing Commands page, click Finish.
On the Certificate Wizard page, click Close.
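After the wizard closes, you can confirm that the assigned certificate matches what you selected in the procedure (key bit length, server FQDN in the subject name or subject alternative names, issuing internal CA). The following script is an added example and is not part of the original topic or of Lync Server. It assumes it is run in the Lync Server Management Shell on the A/V Conferencing Server; the values of $MinKeyBits, $WarnDays and $ExpectedFqdn are assumptions to adjust to your PKI policy.

```powershell
# Added example, not Microsoft's script. Run in the Lync Server Management Shell
# on the A/V Conferencing Server after the Certificate Wizard finishes.
$MinKeyBits   = 2048   # assumed policy value; use your PKI team's minimum
$WarnDays     = 30     # assumed renewal warning window
$ExpectedFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Certificate the wizard assigned as Default, looked up in the computer store
$assigned = Get-CsCertificate -Type Default
if (-not $assigned) { throw 'No Default certificate is assigned on this server.' }
$cert = Get-Item ('Cert:\LocalMachine\My\' + $assigned.Thumbprint)

# Subject alternative names (extension OID 2.5.29.17) rendered as text
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names  = $cert.Subject
if ($sanExt) { $names = $names + ' ' + $sanExt.Format($false) }

# Chain build uses the default policy, which includes online revocation checking,
# so an unreachable CRL distribution point is reported as a failure here.
$chain    = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk  = $chain.Build($cert)
$chainWhy = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

# Helper (hypothetical name) that returns one result row per check
function New-Check($Name, $Passed, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = [bool]$Passed; Detail = $Detail }
}

$now = Get-Date
$results = @(
    (New-Check 'Private key present' $cert.HasPrivateKey $cert.Thumbprint),
    (New-Check "Key length >= $MinKeyBits" ($cert.PublicKey.Key.KeySize -ge $MinKeyBits) $cert.PublicKey.Key.KeySize),
    (New-Check 'Server FQDN in subject or SAN' ($names -like "*$ExpectedFqdn*") $ExpectedFqdn),
    (New-Check 'Currently valid' ($now -ge $cert.NotBefore -and $now -lt $cert.NotAfter) $cert.NotAfter),
    (New-Check "More than $WarnDays days left" ($cert.NotAfter -gt $now.AddDays($WarnDays)) $cert.NotAfter),
    (New-Check 'Chains to a trusted root' $chainOk $chainWhy)
)

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) {
    Write-Warning 'One or more certificate checks failed.'
}
```

Repeat the check on each A/V Conferencing Server, as with the procedure itself.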