To create the certificate request for the external interface of the Edge Server

1. On the Edge Server, in the Deployment Wizard, on the Deploy Edge Serverpage, next to Step 4: Configure Certificates for the Edge Server, click Run.
   
   
2. On the Welcomepage of the Communications Certificate Wizard, click Next.
   
   
3. On the Available taskspage, click Create a new certificate, and then click Next.
   
   
4. On the Delayed or Immediate Requestpage, select the Prepare the request now, but send latercheck box, and then click Next.
   
   
5. On the Name and Security Settingspage, type a friendly name for the certificate, specify the bit length (typically, the default of 1024), verify that the Mark certificate as exportablecheck box is selected, and then click Next.
   
   
6. On the Organization Informationpage, type the name for the organization and the organizational unit (for example, a division or department), and then click Next.
   
   
7. On the Your Server's Subject Namepage, type or select the subject name and subject alternate name of the Edge Server:
   
   
   • The subject name should match the fully qualified domain name (FQDN) of the server published by the external firewall for the external interface on which you are configuring the certificate. For the external interface of the Access Edge Server, this certificate subject name should be sip.< domain>.
     
     
   • If multiple Session Initiation Protocol (SIP) domain names exist and they do not appear in Subject alternate name, type the name of each additional SIP domain as sip.< domain>, separating names with a comma. Domains entered during configuration of the Access Edge Server are automatically added to this box.
     
     

   Note:

   For the subject alternate name, wildcard character naming is allowed. The wildcard character works for one domain level in the name. For example, if you type *.litwareinc.com as the Subject Alternate Name, names such as a. litwareinc.com and b. litwareinc.com would be validated, but a.a. litwareinc.com would not. Wildcard character naming is only supported for allowed and discovered partner domains, not for instant messaging (IM) provider federation.

8. Click Next.
   
   
9. On the Geographical Informationpage, type the location information, and then click Next.
   
   
10. On the Certificate Request File Namepage, type the full path and file name of the file to which the request is to be saved, and then click Next.
    
    
11. On the Request Summarypage, click Next.
    
    
12. On the Certificate Wizard Completedpage, verify successful completion, and then click Finish.
    
    
13. Copy the output file to a location where you can submit it to the public CA.