Certificate summary - DNS and HLB load balanced in Lync Server 2013

 

Topic Last Modified: 2012-10-22

A Director that uses DNS load balancing together with a hardware load balancer uses a default certificate whose subject name and subject alternative names cover the services that the Director can receive. A certificate is requested for each Director in the pool. It is important to remember that the hardware load balancer is load balancing only the traffic from the reverse proxy. Additionally, there is an OAuth Token certificate for server-to-server authentication that is installed on each server.

Certificates for Director

| Component | Subject name (SN) | Subject alternative names (SAN) | Comments |
| --- | --- | --- | --- |
| Default | dirpool01.contoso.net | dirpool01.contoso.net<br>dir01.contoso.net<br>dialin.contoso.com<br>meet.contoso.com<br>lyncdiscoverinternal.contoso.com<br>lyncdiscover.contoso.com<br>(Optionally) \*.contoso.com | Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA.<br>The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server. Internal clients will not use the Director.<br>Or, a wildcard entry for the simple URLs |
| OAuthTokenIssuer | dir01.contoso.net | No Entry | Important: The minimum key length is 1024, but you may receive a warning that the minimum recommended key length is 2048 bits.<br>The OAuthTokenIssuer certificate is a single-purpose certificate for authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required. |
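The Default row above can be turned into an audit of an issued Director certificate, including how far the optional wildcard entry reaches. This is an added example, not code from the original page or from Lync Server; the function names and the sample certificate values are constructed, and the name list is copied from the SAN column.

```python
# Added example: audit a Director "Default" certificate against the table above.
# REQUIRED_NAMES is copied from the page's SAN column (dir01 is this Director's
# own FQDN). Function names and the sample values in __main__ are constructed.

REQUIRED_NAMES = [
    "dirpool01.contoso.net",
    "dir01.contoso.net",
    "dialin.contoso.com",
    "meet.contoso.com",
    "lyncdiscoverinternal.contoso.com",
    "lyncdiscover.contoso.com",
]
RECOMMENDED_KEY_BITS = 2048  # the page's recommended minimum key length


def san_matches(san, host):
    """True if one SAN entry covers host. A wildcard stands for exactly one
    left-most label, so *.contoso.com never covers a contoso.net name."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == san[2:]


def audit_director_cert(subject, sans, key_bits, pool_fqdn="dirpool01.contoso.net"):
    """Return a list of findings; an empty list means the cert fits the table."""
    findings = []
    if subject.lower() != pool_fqdn:
        findings.append(f"subject name is {subject}, expected {pool_fqdn}")
    for name in REQUIRED_NAMES:
        if not any(san_matches(s, name) for s in sans):
            findings.append(f"no SAN entry covers {name}")
    if key_bits < RECOMMENDED_KEY_BITS:
        findings.append(f"key length {key_bits} is below {RECOMMENDED_KEY_BITS} bits")
    return findings


if __name__ == "__main__":
    # Constructed sample: the wildcard replaces the individual contoso.com entries.
    sans = ["dirpool01.contoso.net", "dir01.contoso.net", "*.contoso.com"]
    for finding in audit_director_cert("dirpool01.contoso.net", sans, 1024):
        print("FINDING:", finding)
```

The wildcard covers only names one label below contoso.com, so the pool and server FQDNs in contoso.net still need their own SAN entries.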