Topic Last Modified: 2012-11-14
Certificate requirements for the reverse proxy are much simpler than that for the Edge Servers. The provided flowchart presents the requirements necessary. The accompanying table presents typical certificate subject name and subject alternative names in relation to the scenarios that we have been reviewed in the Edge Server discussions. For more details on the Edge Server scenarios, see Scenarios for External User Access.
Certificates Flow Chart for Reverse Proxy
Reverse Proxy: External Interface
Component | Subject name | Subject alternative name (SAN)/Order | Comments |
---|---|---|---|
Reverse Proxy |
webext.contoso.com |
webext.contoso.com webdirext.contoso.com dialin.contoso.com meet.contoso.com officewebapps01.contoso.com lyncdiscover.contoso.com (Optional):*.contoso.com |
Certificate must be issued by a public CA and with the server EKU. Services include Address Book Service, distribution group expansion Office Web Apps for conferencing, and Lync IP Device publishing rules. Subject alternative name includes:
The optional wildcard replaces both meet and dialin SAN |