Topic Last Modified: 2012-09-08

Certificate requirements for a single Director consist of a default certificate that has a subject name and subject alternative names for services that the Director can receive. Additionally, there is an OAuth Token certificate for server to server authentication purposes.

Certificates for Director

Component Subject name (SN) Subject alternative names (SAN) Comments

Default

dir01.contoso.net

dir01.contoso.net

dialin.contoso.com

meet.contoso.com

lyncdiscoverinternal.contoso.com

lyncdiscover.contoso.com

(Optionally) *.contoso.com

Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA.

The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server. Internal clients will not use the Director.

Or, a wildcard entry for the simple URLs

OAuthTokenIssuer

dir01.contoso.net

No Entry
Important:
Note that the minimum key length is 1024, but you may receive a warning that the minimum recommended key length is 2048 bits.

The OAuthTokenIssuer certificate is a single-purpose certificate for the purpose of authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required.