Certificate summary - DNS and HLB load balanced in Lync Server 2013
Topic Last Modified: 2012-10-22
A Director that uses DNS load balancing together with a hardware load balancer uses a default certificate whose subject name and subject alternative names cover the services that the Director can receive. A certificate is requested for each Director in the pool. Remember that the hardware load balancer balances only the traffic from the reverse proxy. Additionally, an OAuth Token certificate, used for server-to-server authentication, is installed on each server.
Certificates for Director
Component | Subject name (SN) | Subject alternative names (SAN) | Comments |
---|---|---|---|
Default | dirpool01.contoso.net | dirpool01.contoso.net, dir01.contoso.net, dialin.contoso.com, meet.contoso.com, lyncdiscoverinternal.contoso.com, lyncdiscover.contoso.com, (Optionally) *.contoso.com | Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA. The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server. Internal clients will not use the Director. Alternatively, a wildcard entry can be used for the simple URLs. |
OAuthTokenIssuer | dir01.contoso.net | No Entry | Important: The minimum key length is 1024, but you may receive a warning that the minimum recommended key length is 2048 bits. The OAuthTokenIssuer certificate is a single-purpose certificate for authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required. |
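
The name and key-length checks implied by the table, as an added example (not Microsoft's code or a Lync Server tool): it audits the subject name, SAN list and key size of a Director Default certificate. It assumes that the wildcard may stand in only for the simple URLs (dialin, meet), that the key-length figures from the Important note also apply to the Default certificate, and that the names and key size have already been read from the certificate; the function names are hypothetical.

```python
# Added example: audit a Director Default certificate against the table above.
# Names are the ones listed on this page for Director dir01 in pool dirpool01.
REQUIRED_EXACT = [
    "dirpool01.contoso.net",
    "dir01.contoso.net",
    "lyncdiscoverinternal.contoso.com",
    "lyncdiscover.contoso.com",
]
# Assumption: only the simple URLs may be covered by the optional wildcard.
SIMPLE_URLS = ["dialin.contoso.com", "meet.contoso.com"]
EXPECTED_SUBJECT = "dirpool01.contoso.net"
MIN_KEY_BITS = 1024          # minimum stated in the Important note
RECOMMENDED_KEY_BITS = 2048  # recommended minimum stated in the Important note


def wildcard_covers(pattern, host):
    """True if a '*.domain' SAN covers host; '*' stands for exactly one label."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return False
    label, _, parent = host.partition(".")
    return bool(label) and parent == pattern[2:]


def audit_director_cert(subject, sans, key_bits):
    """Return a list of findings; an empty list means the certificate fits the table."""
    findings = []
    names = {s.lower() for s in sans}
    if subject.lower() != EXPECTED_SUBJECT:
        findings.append(f"subject name is {subject}, expected {EXPECTED_SUBJECT}")
    for host in REQUIRED_EXACT:
        if host not in names:
            findings.append(f"missing SAN: {host}")
    for host in SIMPLE_URLS:
        if host not in names and not any(wildcard_covers(s, host) for s in names):
            findings.append(f"simple URL not covered: {host}")
    if key_bits < MIN_KEY_BITS:
        findings.append(f"key length {key_bits} is below the minimum {MIN_KEY_BITS}")
    elif key_bits < RECOMMENDED_KEY_BITS:
        findings.append(f"key length {key_bits} is below the recommended {RECOMMENDED_KEY_BITS}")
    return findings


if __name__ == "__main__":
    # Constructed sample: wildcard instead of explicit simple URLs, 1024-bit key.
    sample_sans = ["dirpool01.contoso.net", "dir01.contoso.net",
                   "lyncdiscoverinternal.contoso.com", "*.contoso.com"]
    for finding in audit_director_cert("dirpool01.contoso.net", sample_sans, 1024):
        print(finding)
```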