Topic Last Modified: 2012-10-20
Certificate requirements for a Director with a hardware load balancer will use a default certificate that has a subject name and subject alternative names for services that the Director pool can receive. A certificate is requested for each Director in the pool. Additionally there is an OAuth Token certificate for server to server authentication purposes that is installed on each server.
Certificates for a Scaled Director Using a Hardware Load Balancer
Component | Subject name (SN) | Subject alternative names (SAN) | Comments | ||
---|---|---|---|---|---|
Default |
dirpool01.contoso.net |
dirpool01.contoso.net dir01.contoso.net dialin.contoso.com meet.contoso.com lyncdiscoverinternal.contoso.com lyncdiscover.contoso.com (Optionally) *.contoso.com |
Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA. The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server. Or, a wildcard entry for the simple URLs |
||
OAuthTokenIssuer |
dir01.contoso.net |
No Entry |
The OAuthTokenIssuer certificate is a single-purpose certificate for the purpose of authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required. |