Certificate summary - Scaled Director pool, hardware load balancer in Lync Server 2013
Topic Last Modified: 2012-10-20
A Director pool behind a hardware load balancer uses a default certificate whose subject name and subject alternative names cover the services that the Director pool can receive. A certificate is requested for each Director in the pool. Additionally, an OAuth token certificate for server-to-server authentication is installed on each server.
Certificates for a Scaled Director Using a Hardware Load Balancer
Component | Subject name (SN) | Subject alternative names (SAN) | Comments |
---|---|---|---|
Default | dirpool01.contoso.net | dirpool01.contoso.net, dir01.contoso.net, dialin.contoso.com, meet.contoso.com, lyncdiscoverinternal.contoso.com, lyncdiscover.contoso.com, (Optionally) *.contoso.com | Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA. The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server. Or, a wildcard entry for the simple URLs |
OAuthTokenIssuer | dir01.contoso.net | No Entry | Important: Note that the minimum key length is 1024, but you may receive a warning that the minimum recommended key length is 2048 bits. The OAuthTokenIssuer certificate is a single-purpose certificate for the purpose of authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required. |
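
The following check is an added example, not part of the original topic or of Lync Server: it tests whether a certificate's SAN list covers the names in the Default row above and classifies the key length against the 1024 and 2048 values from the Important note. The function names, the "reject"/"warn"/"ok" labels and the sample SAN list are assumptions made for illustration. It shows that the optional `*.contoso.com` entry covers only the `contoso.com` simple URLs and discovery names, not the `contoso.net` pool and server FQDNs.

```python
# Added example: names and thresholds come from the table above;
# function names, status labels and the sample input are constructed.

REQUIRED_DEFAULT_NAMES = [
    "dirpool01.contoso.net",
    "dir01.contoso.net",
    "dialin.contoso.com",
    "meet.contoso.com",
    "lyncdiscoverinternal.contoso.com",
    "lyncdiscover.contoso.com",
]
MIN_KEY_BITS = 1024          # minimum stated on the page
RECOMMENDED_KEY_BITS = 2048  # recommended minimum stated on the page


def san_matches(san, host):
    """True if one SAN entry covers host; '*' stands for exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]


def missing_names(sans, required=REQUIRED_DEFAULT_NAMES):
    """Required FQDNs that no SAN entry covers."""
    return [h for h in required if not any(san_matches(s, h) for s in sans)]


def key_status(bits):
    """Classify a key length against the page's two thresholds."""
    if bits < MIN_KEY_BITS:
        return "reject"
    return "warn" if bits < RECOMMENDED_KEY_BITS else "ok"


def audit(sans, key_bits):
    """Summarize SAN coverage and key strength for one certificate."""
    return {"missing": missing_names(sans), "key": key_status(key_bits)}


if __name__ == "__main__":
    # Constructed sample: pool FQDN plus the optional wildcard only.
    sample = ["dirpool01.contoso.net", "*.contoso.com"]
    print(audit(sample, 1024))
```
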