
I have been struggling trying to figure out the right way to do this.

Here is my setup. I have 2 Sangoma servers (Lync 2013 in a box). The Front End server is the main server. The Reverse Proxy and Edge Servers are VMs on the Front End.

LyncFE1: I go through the Deployment Wizard and I see I have 2 internal interfaces that have internal CA certs. All good. Then I have one external interface with the GoDaddy cert.

Edge1: I go through the Deployment Wizard and I have one internal and one external interface, each with the appropriate certs.

Reverse Proxy 1: I use IIS and it has the right cert.

Then I go to LyncFE2, and on all 3 interfaces I have the internal cert.

I had a vendor who installed this and we are ironing out the issues, but they are gone and I need to renew the GoDaddy cert. I have followed the steps of building a request (checking all private keys to be exportable), pasting it on GoDaddy's site and getting the IIS version of the certs. But when I go to import the cert, it does not show up in the assignable certs. So I tried going through certmgr, and it installs, but again it is not available to assign, and if I try to export it I do not get the option to export the private keys.

I built the request on the FE and installed it on the FE. Should I be building the request on the Edge? Should I be downloading a different version, like Exchange? What am I doing wrong? Shouldn't LyncFE2 have the GoDaddy cert?

user219716
  • "The Front End server is the main server. The Reverse Proxy and Edge Servers are VMs on the Front End." This is just wrong on so many levels... – Massimo Feb 11 '16 at 16:01
  • Anyway, you seem to have *four* servers: two front-ends, one edge and one reverse proxy. And yes, if you have two front-end servers in the same pool, they should use the same certificates for the same roles. – Massimo Feb 11 '16 at 16:03
  • But they could happily use private certificates for the external web services: the reverse proxy is the only server which is actually Internet-facing, thus you could put the public certificate there and use private certificates on the actual servers; the RP will proxy the requests to the internal servers, and external clients will only see the certificate on the RP. – Massimo Feb 11 '16 at 16:04

1 Answer


I did get it to work. I had to create the request on the Edge server, and now I have both FEs using the same certificate. I used the GoDaddy cert because I could, basically. Thanks for the information, Massimo. Since that vendor left me high and dry on some stuff, I am learning a lot.

user219716