Topic Last Modified: 2012-10-20

A Director pool behind a hardware load balancer uses a default certificate whose subject name and subject alternative names cover the services that the Director pool can receive. A certificate is requested for each Director in the pool. Additionally, an OAuth token certificate for server-to-server authentication is installed on each server.

Certificates for a Scaled Director Using a Hardware Load Balancer

| Component | Subject name (SN) | Subject alternative names (SAN) | Comments |
| --- | --- | --- | --- |
| Default | dirpool01.contoso.net | dirpool01.contoso.net; dir01.contoso.net; dialin.contoso.com; meet.contoso.com; lyncdiscoverinternal.contoso.com; lyncdiscover.contoso.com; (Optionally) *.contoso.com | Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA. The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server. Or, a wildcard entry for the simple URLs. |
| OAuthTokenIssuer | dir01.contoso.net | No Entry | Important: Note that the minimum key length is 1024, but you may receive a warning that the minimum recommended key length is 2048 bits. The OAuthTokenIssuer certificate is a single-purpose certificate for the purpose of authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required. |
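The following is an added example, not part of the original topic or of any Microsoft tooling: a name-and-key-size audit for a Director default certificate, using the names from the table and the 1024/2048 thresholds from the Important note. The function names and the sample SAN lists are hypothetical, and the check covers DNS name matching only (a wildcard matches a single left-most label), which shows why `*.contoso.com` cannot stand in for the `contoso.net` pool and server FQDNs.

```python
# Added example: audit a certificate's names and key size against the
# requirements in the table above. All sample data below is constructed.

REQUIRED_DEFAULT = [
    "dirpool01.contoso.net", "dir01.contoso.net", "dialin.contoso.com",
    "meet.contoso.com", "lyncdiscoverinternal.contoso.com",
    "lyncdiscover.contoso.com",
]
MIN_KEY_BITS, RECOMMENDED_KEY_BITS = 1024, 2048


def name_covered(required, presented):
    """True if `presented` (exact name or *.domain wildcard) covers `required`."""
    required, presented = required.lower(), presented.lower()
    if presented.startswith("*."):
        # A wildcard matches exactly one left-most label, nothing deeper.
        head, _, tail = required.partition(".")
        return bool(head) and tail == presented[2:]
    return required == presented


def audit(san_names, key_bits, required=REQUIRED_DEFAULT):
    """Return (missing_names, key_status) for one certificate."""
    missing = [r for r in required
               if not any(name_covered(r, s) for s in san_names)]
    if key_bits < MIN_KEY_BITS:
        status = "reject"   # below the stated minimum key length
    elif key_bits < RECOMMENDED_KEY_BITS:
        status = "warn"     # accepted, but below the recommended length
    else:
        status = "ok"
    return missing, status


# Constructed sample: pool and server FQDNs plus a wildcard for the .com names.
WILDCARD_CERT = ["dirpool01.contoso.net", "dir01.contoso.net", "*.contoso.com"]
# Constructed sample: wildcard only, which cannot cover the .net FQDNs.
WILDCARD_ONLY = ["*.contoso.com"]

if __name__ == "__main__":
    for label, sans, bits in [("wildcard + FQDNs", WILDCARD_CERT, 2048),
                              ("wildcard only", WILDCARD_ONLY, 1024)]:
        missing, status = audit(sans, bits)
        print(f"{label}: key={status} missing={missing or 'none'}")
```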