Article ID: 2667698
By default, network communications in Lync Server 2010 are encrypted. Certificates are required for all internal servers that are running Lync Server 2010. Lync Server 2010 helps protect data on the network by requiring the following:
Certificates are issued by a certification authority (CA). Lync Server 2010 setup includes the Certificate Wizard to help you request, assign, and install certificates during deployment.
It can take time to process certificate requests, especially requests to public certification authorities (CAs). You can request certificates for your Lync Server 2010 servers early to make sure that they are available when you start deployment. If you want to request certificates before you install the servers, you can use the Lync Server 2010 administrative tools or use a certificate request procedure defined in your organization. You may want to do this to save time when you deploy servers. However, you must make sure that the certificates are exportable and that they contain all the required subject alternative names.
Requesting certificates in advance is optional. If you do not request certificates in advance, you must request them when you set up the servers that require a certificate.
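One way to check both conditions above (an exportable private key and all required subject alternative names) on a certificate that was requested in advance. This is an added example, not Microsoft's code; the thumbprint and host names are constructed placeholders, and the `DNS Name=` label assumes an English-language Windows installation.

```powershell
# Added example: pre-deployment check of a certificate in the local machine store.
# $Thumbprint and $RequiredNames are constructed placeholders; replace with your own values.
param(
    [string]$Thumbprint = '<CERTIFICATE-THUMBPRINT>',
    [string[]]$RequiredNames = @('pool01.contoso.example', 'sip.contoso.example')
)

function Get-SanDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # OID 2.5.29.17 identifies the subject alternative name extension.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    # Format($true) emits one entry per line, e.g. "DNS Name=pool01.contoso.example".
    # Assumption: English label text; the label is localized on other systems.
    $ext.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLowerInvariant() }
    }
}

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
$sanNames = @(Get-SanDnsName -Certificate $cert)
$missing  = @($RequiredNames | Where-Object { $sanNames -notcontains $_.ToLowerInvariant() })

# Exportability can be read directly only for CryptoAPI (CSP) keys.
# For other key providers the result stays 'unknown' and needs a manual check.
$exportable = 'unknown'
if (-not $cert.HasPrivateKey) {
    $exportable = 'no private key'
} else {
    try {
        $key = $cert.PrivateKey
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $exportable = $key.CspKeyContainerInfo.Exportable
        }
    } catch {
        # Reading PrivateKey can throw for non-CSP providers; leave 'unknown'.
    }
}

New-Object PSObject -Property @{
    Subject      = $cert.Subject
    NotAfter     = $cert.NotAfter
    Exportable   = $exportable
    SanDnsNames  = $sanNames -join ', '
    MissingNames = $missing -join ', '
    ReadyToUse   = ($exportable -eq $true) -and ($missing.Count -eq 0)
}
```

Run it from an elevated PowerShell session on the server that holds the certificate; an empty `MissingNames` value and `Exportable` set to `True` mean both conditions are met.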
We recommend that you use an internal enterprise CA for internal servers. Doing this could save you money. For more information about internal CAs, see Request Certificates from an Internal Enterprise CA (http://technet.microsoft.com/en-us/library/gg425787.aspx) on the Microsoft TechNet website.
You can also use a public CA. To see a list of public CAs that provide certificates, see article 929395: Unified Communications Certificate Partners for Exchange Server and for Communications Server (http://go.microsoft.com/fwlink/?LinkId=202834). Certificates from these CAs comply with specific requirements for unified communications (UC) certificates. These public CAs also work with Microsoft to make sure that their certificates work with the Lync Server Certificate Wizard.
A CA issues and manages security credentials and public keys for message encryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority to verify the information that you send when you request a digital certificate. If the registration authority verifies your information, the CA can issue a certificate.
Lync Server 2010 uses certificates for the following purposes: