Certificate Infrastructure Support


Topic Last Modified: 2011-01-27

Microsoft Lync Server 2010 communications software requires a public key infrastructure (PKI) to support Transport Layer Security (TLS) and mutual TLS (MTLS) connections. By default, Lync Server 2010 is configured to use TLS for client-to-server connections. MTLS is used for connections between servers.

MTLS certificates must be issued by trusted certification authorities (CAs) for Lync Server. Lync Server supports certificates that are issued from the following CAs:

  • Certificates issued from an internal CA:

    • The Windows Server 2008 operating system CA

    • The Windows Server 2008 R2 operating system CA

    • The Windows Server 2003 Enterprise Edition operating system with Service Pack 1 (SP1) CA

    • The Windows Server 2003 operating system with SP1 stand-alone CA (supported, but not recommended)

    When submitting a web-based certificate request to a Windows Server 2003 CA, you must submit it from a computer running either Windows Server 2003 with SP2 or Windows XP.

  • Certificates issued from a public CA

For connections from clients running the Windows 7, Windows Server 2008, Windows Server 2008 R2, or Windows Vista operating systems, or Microsoft Office Communicator 2007 Phone Edition, Lync Server 2010 includes support for certificates signed using the SHA-256 cryptographic hash function. To support external access using SHA-256, the external certificate must be issued by a public CA using SHA-256.