Manually Generating the Certificate request for Lync Server 2010 and roles

All Lync Server 2010 servers and Lync 2010 clients use certificates, and network communications in Lync Server 2010 are encrypted by default. Certificates are required for all internal servers, including Standard Edition server, Enterprise Edition Front End Server, A/V Conferencing Server, Mediation Server, and Director. (I use the server name: Lync-FE)

I planned to deploy a Lync Edge Server, which controls how users outside the firewall can connect to your internal Lync Server. The Edge internal interface typically uses a private certificate issued by an internal certification authority (CA), but it can also use a public certificate, provided that it is from a trusted public CA. (I use the server name: Lync-Edge)

The reverse proxy in your deployment uses a public certificate and encrypts the communication from the reverse proxy to clients and from the reverse proxy to internal servers by using HTTPS (that is, HTTP over Transport Layer Security), but for my testing I am going to use my internal Enterprise CA to generate the certificate manually. (I use the server name: Lync-RP)

* Open mmc and add the Certificates snap-in for Computer account, then select Local computer.

Then expand Certificates >> Personal, right-click it, and choose All Tasks >> Advanced Operations >> Create Custom Request…


The following steps create the certificate request:


Click Next and select “Proceed without enrollment policy” then click Next


Select (No template) Legacy key then click Next

Click Details then click Properties


In General tab: I have given a friendly name “Lync Server 2010”


In Subject tab: Select Common Name as the Subject name type and enter your Lync Server name, then select DNS as the Alternative name type and enter all of your SAN names


In Extensions tab: Add Digital Signature and Key encipherment


In the same tab, under the Extended Key Usage, select Server Authentication and Client Authentication

In Private Key tab: Select the key size 2048, make sure you select “Make Private Key Exportable”, and select the key type Exchange, then click Apply and OK


Click Next and save the file. This file will be used to request a new certificate for the Lync Server from the CA server.
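The same request can be built from a script with certreq.exe instead of the wizard. This is an added example, not part of the original post: the host names, file paths and the legacy CSP named in the INF are assumptions, while the friendly name, key size, key type, key usage and EKU values mirror the wizard steps above.

```powershell
# Added example. Run from an elevated prompt on the server that will hold the key.
$CommonName = 'lync-fe.contoso.local'                      # constructed FQDN (assumption)
$SanNames   = 'lync-fe.contoso.local', 'sip.contoso.local' # constructed SAN list (assumption)
$InfPath    = Join-Path $env:TEMP 'lync-fe.inf'            # hypothetical file names
$ReqPath    = Join-Path $env:TEMP 'lync-fe.req'

# certreq takes SAN entries as "dns=a&dns=b" inside the 2.5.29.17 extension.
$San = ($SanNames | ForEach-Object { "dns=$_" }) -join '&'

# INF equivalent of the wizard tabs (General, Subject, Extensions, Private Key).
$Inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
FriendlyName = "Lync Server 2010"
Subject = "CN=$CommonName"
RequestType = PKCS10
MachineKeySet = TRUE   ; key lives in the computer store, not a user profile
KeyLength = 2048
Exportable = TRUE      ; matches "Make Private Key Exportable"
KeySpec = 1            ; AT_KEYEXCHANGE (key type: Exchange)
KeyUsage = 0xA0        ; Digital Signature (0x80) + Key Encipherment (0x20)
ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ; assumption: legacy CSP
ProviderType = 12

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication
OID = 1.3.6.1.5.5.7.3.2 ; Client Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "$San"
"@
Set-Content -Path $InfPath -Value $Inf -Encoding ASCII

# Build the PKCS#10 request; the private key is generated in the local machine store.
certreq.exe -new $InfPath $ReqPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Review subject, SANs, key usage and EKUs before submitting the file to the CA.
certutil.exe -dump $ReqPath
```

The .req file carries only the public key and the requested attributes; the private key stays on the server where the request was created, so the issued certificate has to be installed on that same server to be paired with it.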

Generate the certificate in Active Directory Certificate Services