

I wanted to address this topic because it appears to be cropping up on TechNet regularly. In this post we will discover what is and is not supported, what certificates we need for each server and their requirements. Before we start delving into the details, it is important to understand from the outset that Skype for Business has very strict certificate requirements, and should you attempt to deviate from the supported model, you will find that certain modalities will not work at all. The temptation is to try and save money on certificates; the most common error I see is people trying to use wildcard certificates. These are not supported for non-web traffic whether you use Skype for Business or not, and they are not intended for Unified Communications across all vendors. The justification for using a wildcard is to save money. If you ignore the requirements and purchase a wildcard certificate, you will end up having to purchase a SAN certificate in the end to get your services working. In so doing, you will have wasted about £200 in the process.

So there is no argument or justification for not doing it right, in my opinion. The justification for doing it the right way and not trying to cut costs on certificates is simple: you've spent £30K on servers, £100K on licensing Skype for Business, £50K on peripherals and £30K on SBCs for your Skype for Business deployment without worry, so why try so hard to save £50 on a certificate?

Using Trusted SSL Certificates for Internal Servers

Using public SSL certificates from GoDaddy and the like for internal Skype for Business servers is supported, but isn't cost-effective for large-scale deployments. There are several reasons why using these certificates can hinder your deployment, and as best practice you should use your internal certificate authority for internal servers. In some cases you will not be able to use these anyway.

For instance, if your Active Directory domain is not publicly routable, such as domain.local, then you are not going to be able to use public certificates for internal servers anyway, because public providers can no longer sign internal domains in their certificates by law.
