Hello. I don't know if I'll ever actually finish this series. I just haven't had time to sort through all my documentation, but, as people ask me questions, I'm looking closely for those pieces/parts to blog through them.
For those of you that have paid attention:
In Part 1 – We discussed the goals and prepped the environment
In Part 2 – We focused on Topology
In Part 3 – We discussed CA/PKI
In Part 4 – We finished DNS Prep and installed Lync
Then I fell off the face of the earth for a few months…
Lately, I have been asked how to use the CA/PKI environment setup in Part 3 to actually request / assign an SSL Certificate for the Front End. Let's do that now…
Go back to your Lync 2010 Front End Server. Launch the Lync Server 2010 Deployment Wizard.
Click Install or Update Lync Server System
Choose Request, Install or Assign Certificate
Click Request
Send the request immediately. Click Next.
Select your CA. TMGAD02 is the right one here. Click Next.
No special credentials needed. Click Next.
No special template needed. Click Next.
Friendly Name for the certs… 2048 bit… Mark key for exportable. Click Next.
Org info. Click Next.
Geo info. Click Next.
These names were pulled from the topology. Click Next.
Which SIP domains to include? Click Next.
Any any other SANs based on your topology. Click Next.
Review. Click Next.
Request completed. Click Next.
CA Responded with a cert. Assign. Click Finish.
Yes please. Click View Details.
Verify Common Name & SANs. Click OK. Click Next.
Yup. Click Next.
Completed. Click Finish.
Good work. All assigned. Time to move on. Click Close.
So, that's how you request & assign your Front End SSL Certificate. The key points to remember are – each URL you input in your Topology for Dialin, Admin, Meetings, etc. – each of those need to be included as a Subject Alternative Name (SAN) on your SSL Certificate. If any of them are missing, you'll get warnings and popups when going to the Control Panel, when launching Lync, etc.
I guess next it would make sense if I actually showed you how to activate a user for Lync. Let's see if I can do that by Christmas…