Topic Last Modified: 2012-11-14

Certificate requirements for the reverse proxy are much simpler than that for the Edge Servers. The provided flowchart presents the requirements necessary. The accompanying table presents typical certificate subject name and subject alternative names in relation to the scenarios that we have been reviewed in the Edge Server discussions. For more details on the Edge Server scenarios, see Scenarios for External User Access.

Certificates Flow Chart for Reverse Proxy

Certificates Flow Chart for Edge Server

Reverse Proxy: External Interface

Component Subject name Subject alternative name (SAN)/Order Comments

Reverse Proxy

webext.contoso.com

webext.contoso.com

webdirext.contoso.com

dialin.contoso.com

meet.contoso.com

officewebapps01.contoso.com

lyncdiscover.contoso.com

(Optional):*.contoso.com

Certificate must be issued by a public CA and with the server EKU. Services include Address Book Service, distribution group expansion Office Web Apps for conferencing, and Lync IP Device publishing rules. Subject alternative name includes:

  • External Web Services FQDN for Front End Server or Front End pool

  • External Web Services FQDN for Director or Director pool

  • Dial-in conferencing

  • Online meeting publishing rule

  • Office Web Apps for conferencing

  • Lyncdiscover (Autodiscover)

The optional wildcard replaces both meet and dialin SAN