The following sections summarize the certificate requirements for the internal and external interfaces of Edge Servers.

Certificate Requirements for the Internal Interface of Edge Servers

Each Edge Server must have a certificate on the internal interface, between the perimeter network and the internal network. All three Edge Server services on that server share this certificate. The subject name of the certificate must match the internal FQDN of the Access Edge service of that Edge Server.

These guidelines apply to Edge Servers at both the data center and at remote sites.

Certificate Requirements for the External Interface of Edge Servers

Each Edge Server requires two certificates on the external interface—one for the Access Edge service, and one for the Web Conferencing Edge service. (The A/V Edge service does not require a certificate.) Each of these certificates must have a subject name that matches the external FQDN of that edge service on that server.

For external certificates, public certificates are required for public IM connectivity, and to enable anonymous users to be invited to Web conferencing meetings. Public certificates also provide enhancements to federation relationships. Additionally, if you want to support public IM connectivity with AOL, AOL requires a certificate configured for both client and server authorization.

A/V Authentication Certificate

An additional certificate is required for audio/video (A/V) authentication. The private key of the A/V authentication certificate is used to generate authentication credentials.

This can be an internal certificate, but as a security precaution, you should not use the same certificate for A/V authentication that you use for any of the Edge Server services.

The same A/V authentication certificate must be installed on each Edge Server if multiple servers are deployed in a load-balanced array. This means that the certificate must be from the same issuer and use the same private key.