Topic Last Modified: 2010-11-07

On the server running Microsoft Forefront Threat Management Gateway 2010, you need to install the root certification authority (CA) certificate for the CA infrastructure that issued the server certificates to the internal servers running Microsoft Lync Server 2010.

You also must install a public web server certificate on your reverse proxy server. This certificate’s subject alternative names should contain the published external fully qualified domain names (FQDNs) of each pool that is home to users enabled for remote access, and the external FQDNs of all Directors or Director pools that will be used within that Edge infrastructure. The subject alternative name must also contain the meeting simple URL, and the dial-in simple URL as shown in the following table.

| Field | Value | Example |
| --- | --- | --- |
| Subject name | Pool FQDN | webext.contoso.com |
| Subject alternative name | Pool FQDN | webext.contoso.com |
| Subject alternative name | Meeting simple URL | meet.contoso.com |
| Subject alternative name | Dial-in simple URL | dialin.contoso.com |

Important:
The subject name must also be present in the subject alternative name.

Note:
All meeting simple URLs must be in the subject alternative name. Each SIP domain must have at least one active meeting simple URL.

Note:
If your internal deployment consists of more than one Standard Edition server or Front End pool, you must configure web publishing rules for each external web farm FQDN. You will then need either a certificate and web listener for each FQDN, or a single certificate whose subject alternative name contains the names used by all of the pools, which you assign to a web listener and share among multiple web publishing rules.
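
The following check is an added example, not part of the original Microsoft documentation: it compares a certificate's subject name and subject alternative names against the requirements listed above before the certificate is bound to a web listener. It assumes the certificate is supplied as a dictionary in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, the second pool `webext2.contoso.com` and the SIP domain `fabrikam.com` are hypothetical sample values.

```python
# Added example: checks a certificate's names against the requirements above.
# The deployment inventory and certificate below are constructed sample data.

def cert_names(cert):
    """Return (subject CN, set of DNS SANs), lower-cased, from a dict shaped
    like the one ssl.SSLSocket.getpeercert() returns."""
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"), None)
    sans = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    return (cn.lower() if cn else None), sans


def check_reverse_proxy_cert(cert, pools, directors, meet_urls, dialin_url):
    """meet_urls maps each SIP domain to its list of meeting simple URL hosts.
    Returns a list of problems; an empty list means the names are covered."""
    cn, sans = cert_names(cert)
    problems = []
    if cn is None or cn not in sans:
        problems.append(f"subject name {cn!r} is not in the subject alternative name")
    required = [("pool FQDN", p) for p in pools]
    required += [("Director FQDN", d) for d in directors]
    required.append(("dial-in simple URL", dialin_url))
    for domain, hosts in meet_urls.items():
        if not hosts:
            problems.append(f"SIP domain {domain} has no meeting simple URL")
        required += [("meeting simple URL", h) for h in hosts]
    for kind, name in required:
        if name.lower() not in sans:
            problems.append(f"{kind} {name} is missing from the subject alternative name")
    return problems


# Constructed sample: the second pool and second SIP domain are hypothetical.
SAMPLE_CERT = {
    "subject": ((("commonName", "webext.contoso.com"),),),
    "subjectAltName": (("DNS", "webext.contoso.com"),
                       ("DNS", "meet.contoso.com"),
                       ("DNS", "dialin.contoso.com")),
}
SINGLE_POOL = dict(pools=["webext.contoso.com"], directors=[],
                   meet_urls={"contoso.com": ["meet.contoso.com"]},
                   dialin_url="dialin.contoso.com")
TWO_POOLS = dict(SINGLE_POOL, pools=["webext.contoso.com", "webext2.contoso.com"],
                 meet_urls={"contoso.com": ["meet.contoso.com"],
                            "fabrikam.com": ["meet.fabrikam.com"]})

if __name__ == "__main__":
    for label, inv in (("single pool", SINGLE_POOL), ("two pools", TWO_POOLS)):
        print(label, check_reverse_proxy_cert(SAMPLE_CERT, **inv) or "OK")
```

With the sample certificate, the single-pool inventory passes, while the two-pool inventory reports the names that a shared certificate would still need in its subject alternative name.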