Reviewing the Certificates Report

 

Topic Last Modified: 2011-03-09

The Certificates Report lists all certificates that would be required in the recommended Microsoft Lync Server 2010 deployment. The Planning Tool uses the subject names and subject alternative names that were entered; any default text that was left unedited may present a challenge for the team responsible for requesting and issuing the certificates. The report also indicates where each certificate can typically be issued from. If the infrastructure does not have an internal public key infrastructure (PKI) in place, all certificates can be requested through a public certificate provider. The Extended key usages (EKU) and Assign To fields in the report are very helpful in understanding the purpose and location of each certificate.

Certificates Admin Report

Carefully review and fully understand the use and purpose of each certificate in the deployment. If there is a question about what a certificate does, determine which server or service is communicating with which. Certificates in Lync Server 2010 are used for two primary purposes:

  • Mutual Transport Layer Security (MTLS) – The computers involved in the communication each present a certificate that proves their identity to the other computer; this is known as server authentication. Communication cannot commence until each computer trusts the other computer’s identity. MTLS relies on the enhanced key usage on the certificate being set to allow computer-to-computer authentication.

  • Encryption – Encryption (Secure Sockets Layer, or SSL, and Transport Layer Security, or TLS) is a critical means to help secure communications, help ensure privacy, and create a trusted communications and collaboration system.
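One way to check an issued certificate against the subject name, subject alternative names and Server Authentication EKU planned for it in the report. This is an added example, not part of the Planning Tool or of Lync Server. The function name `Test-PlannedCertificate`, its parameters and the `contoso.example` host names are hypothetical, and it assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: compares an issued certificate with the subject name,
# SANs and Server Authentication EKU planned for it in the report.
function Test-PlannedCertificate {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$PlannedSubject,
        [string[]]$PlannedSan = @()
    )
    $issuedCn = $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)

    # SAN extension (OID 2.5.29.17). Format() text is platform dependent:
    # "DNS Name=host" on English Windows, "DNS:host" with OpenSSL-backed .NET.
    $issuedSan = @()
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        $issuedSan = @([regex]::Matches($sanExt.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    # EKU extension (OID 2.5.29.37) must list Server Authentication for MTLS.
    $ekuOids = @()
    $ekuExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        SubjectMatches = ($issuedCn -eq $PlannedSubject)
        MissingSan     = @($PlannedSan | Where-Object { $_ -notin $issuedSan })
        HasServerAuth  = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')
    }
}

# Constructed sample: a throwaway in-memory self-signed certificate with sample names.
$req = [CertificateRequest]::new('CN=pool01.contoso.example', [RSA]::Create(2048),
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$san = [SubjectAlternativeNameBuilder]::new()
$san.AddDnsName('pool01.contoso.example')
$san.AddDnsName('sip.contoso.example')
$req.CertificateExtensions.Add($san.Build())
$eku = [OidCollection]::new()
[void]$eku.Add([Oid]::new('1.3.6.1.5.5.7.3.1'))
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($eku, $false))
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

Test-PlannedCertificate -Certificate $cert -PlannedSubject 'pool01.contoso.example' `
    -PlannedSan 'pool01.contoso.example', 'sip.contoso.example', 'dialin.contoso.example'
```

To check a certificate that has actually been issued, pass an item from the `Cert:\LocalMachine\My` store in place of the sample `$cert`.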