Configure Certificates for the Director
Topic Last Modified: 2012-05-21
Important
When you run the Certificate Wizard, ensure that you are logged in using an account that is a member of a group that has been assigned the appropriate permissions for the type of certificate template you will use. By default, a Lync Server certificate request will use the Web Server certificate template. If you use an account that is a member of the RTCUniversalServerAdmins group to request a certificate using this template, verify that the group has been assigned the Enroll permissions required to use that template.
Each Director requires a default certificate, a web internal certificate, and a web external certificate. For details about the certificate requirements for Directors, see Certificate Requirements for Internal Servers in the Planning documentation.
Use the following procedure to configure Director certificates. Repeat the procedure for each Director. The steps of this procedure describe how to configure a certificate from an Internal Enterprise Root certification authority (CA) deployed by your organization and with offline request processing. For details about obtaining certificates from an external CA, contact your support team.
To configure certificates for the Director or Director pool
In the Lync Server Deployment Wizard, next to Step 3: Request, Install or Assign Certificates, click Run.
On the Certificate Wizard page, click Request.
On the Certificate Request page, click Next.
On the Delayed or Immediate Requests page, accept the default Send the request immediately to an online certification authority option, and then click Next.
On the Choose a Certification Authority (CA) page, click the internal Windows certification authority that you want to use, and then click Next.
On the Certification Authority Account page, specify alternate credentials to be used if the account you are logged on with does not have sufficient authority to request the certificate, and then click Next.
On the Specify Alternate Certificate Template page, click Next.
On the Name and Security Settings page, you can specify a Friendly Name, accept the 2048-bit key length, and then click Next.
On the Organization Information page, optionally specify organization information, and then click Next.
On the Geographical Information page, optionally specify geographical information, and then click Next.
On the Subject Name / Subject Alternative Names page, click Next.
Note
The subject alternative name list should contain the name of the computer on which you are installing the Director (if a single Director) or the Director pool name, and the simple URL names configured for the organization.
On the SIP Domain Setting on Subject Alternate Names (SANs) page, select the Configured SIP Domains for all domains that you want the Director to handle, and then click Next.
On the Configure Additional Subject Alternative Names page, add any additional required subject alternative names, and then click Next.
On the Certificate Request Summary page, click Next.
On the Executing Commands page, click Next after the commands have finished running.
On the Online Certificate Request Status page, click Finish.
On the Certificate Assignment page, click Next.
Note
if you want to view the certificate, double-click the certificate in the list.
On the Certificate Assignment Summary page, click Next.
On the Executing Commands page, click Finish after the commands have finished running.
On the Certificate Wizard page, click Close.