

Certificate summary - Public instant messaging connectivity in Lync Server 2013

 

Topic Last Modified: 2013-02-19

Certificate configuration for public instant messaging connectivity is the same as for other SIP federation types and for standard Edge Server certificates, with one exception: America Online (AOL) requires a unique certificate configuration. In addition to the usual server enhanced key usage (EKU), America Online requires the certificate or certificates (in the case of an Edge pool) to also contain the client EKU. The client EKU is added to the external public certificate that is assigned to your Edge Server.

Certificate Summary – Public Instant Messaging Connectivity

Component: External/Access Edge

Subject name: sip.contoso.com

Subject alternative names (SAN)/Order: sip.contoso.com, webcon.contoso.com, sip.fabrikam.com

Comments: The certificate must be from a Public CA, and must have the server EKU and client EKU if public IM connectivity with AOL is to be deployed. The certificate is assigned to the external Edge Server interfaces for:

  • Access Edge service

  • Web Conferencing Edge service

  • A/V Edge service

Note that SANs are automatically added to the certificate based on your definitions in Topology Builder. You add SAN entries as needed for additional SIP domains and other entries that you need to support. The subject name is replicated in the SAN and must be present for correct operation.
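
One way to check an installed certificate against the requirements above, as an added example that is not part of the original topic or of any Microsoft tooling: the hypothetical helper Test-EdgePicCertificate reports whether both EKUs are present and whether the subject name is replicated in the SAN list. It assumes Windows PowerShell 3.0 or later on Windows, where the SAN extension formats as one label=value line per entry.

```powershell
# Added example: audit a certificate against the requirements in this topic.
# Standard PKIX OIDs for the two enhanced key usages and the SAN extension.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$SanOid        = '2.5.29.17'           # Subject Alternative Name

function Test-EdgePicCertificate {     # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $ekuOids  = @()
        $sanNames = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                # Collect every EKU OID listed in the certificate.
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
            elseif ($ext.Oid.Value -eq $SanOid) {
                # Assumption: Windows formats each SAN entry as "label=value" on its own line.
                # The label text is localized, so only the value after '=' is kept.
                $sanNames = @($ext.Format($true) -split "`r?`n" |
                    Where-Object { $_ -match '=' } |
                    ForEach-Object { ($_ -split '=', 2)[1].Trim() })
            }
        }
        # Common name (CN) from the certificate subject.
        $cn = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        [pscustomobject]@{
            Subject      = $cn
            Thumbprint   = $Certificate.Thumbprint
            Issuer       = $Certificate.Issuer       # confirm manually that this is a public CA
            HasServerEku = $ekuOids -contains $ServerAuthOid
            HasClientEku = $ekuOids -contains $ClientAuthOid   # needed for AOL connectivity
            SubjectInSan = $sanNames -contains $cn
            SanOrder     = $sanNames -join ', '
        }
    }
}

# Run on the Edge Server. sip.contoso.com is the example subject name from this topic.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*CN=sip.contoso.com*' } |
    Test-EdgePicCertificate | Format-List
```

A certificate intended for public IM connectivity with AOL should show True for HasServerEku, HasClientEku and SubjectInSan.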