- All Lync Server 2010 servers and Lync 2010 clients use certificates.
- All certificates must support Mutual Transport Layer Security (MTLS) and Transport Layer Security (TLS), Secure Real-Time Transport Protocol (SRTP), and other industry-standard encryption techniques. This includes 128-bit Advanced Encryption Standard (AES) encryption.
Certificates are issued by a certification authority (CA). Lync Server 2010 setup includes the Certificate Wizard to help you request, assign, and install certificates during deployment.
It can take time to process certificate requests, especially requests to public certification authorities (CAs). You can request certificates for your Lync Server 2010 servers early to make sure that they are available when you start deployment. If you want to request certificates before you install the servers, you can use the Lync Server 2010 administrative tools or use a certificate request procedure defined in your organization. You may want to do this to save time when you deploy servers. However, you must make sure that the certificates are exportable and that they contain all the required subject alternative names.
Requesting certificates in advance is optional. If you do not request certificates in advance, you must request them when you set up the servers that require a certificate.
We recommend that you use an internal enterprise CA for internal servers. Doing this could save you money. For more information about internal CAs, see Request Certificates from an Internal Enterprise CA on the Microsoft TechNet website.
You can also use a public CA. To see a list of public CAs that provide certificates, see article 929395: Unified Communications Certificate Partners for Exchange Server and for Communications Server. Certificates from these CAs comply with specific requirements for unified communications (UC) certificates. These public CAs also work with Microsoft to make sure that their certificates work with the Lync Server Certificate Wizard.
Lync Server 2010 uses certificates for the following purposes:
- TLS connections between client and server
- MTLS connections between servers
- Federation using automatic Domain Name System (DNS) discovery of partners
- Remote user access for instant messaging (IM)
- External user access to audio/video (A/V) sessions, application sharing, and conferencing
- Mobile requests using automatic discovery of Web Services
- Configure Certificates for Front End Servers
- Configuring Certificates for Standard Edition Servers
- Configure Certificates for the Director
- Configure Certificates for Stand-alone A/V Conferencing Servers
- Install the Files for Mediation Server
- Configure Certificates on the Server Running Microsoft Exchange Server Unified Messaging
ID articol: 2667698 - Ultima examinare: 30 apr. 2012 - Revizie: 1