Lync Server 2013 中的证书摘要-扩展的控制器池、硬件负载平衡器Certificate summary - Scaled Director pool, hardware load balancer in Lync Server 2013

 

上次修改的主题: 2012-10-20Topic Last Modified: 2012-10-20

带有硬件负载平衡器的控制器的证书要求将使用一个默认证书,该证书具有一个主题名称和使用者替代名称,用于控制器池可以接收的服务。Certificate requirements for a Director with a hardware load balancer will use a default certificate that has a subject name and subject alternative names for services that the Director pool can receive. 为池中的每个控制器请求一个证书。A certificate is requested for each Director in the pool. 此外,每台服务器上还安装了用于进行服务器到服务器身份验证的 OAuth Token 证书。Additionally there is an OAuth Token certificate for server to server authentication purposes that is installed on each server.

使用硬件负载平衡器的缩放控制器的证书Certificates for a Scaled Director Using a Hardware Load Balancer

组件Component 使用者名称 (SN)Subject name (SN) 使用者替代名称 (SAN)Subject alternative names (SAN) CommentsComments

默认值Default

dirpool01.contoso.netdirpool01.contoso.net

dirpool01.contoso.netdirpool01.contoso.net

dir01.contoso.netdir01.contoso.net

dialin.contoso.comdialin.contoso.com

meet.contoso.commeet.contoso.com

lyncdiscoverinternal.contoso.comlyncdiscoverinternal.contoso.com

lyncdiscover.contoso.comlyncdiscover.contoso.com

(可选)\*.contoso.com(Optionally) \*.contoso.com

可以从内部托管的证书颁发机构 (CA) 或公共 CA 请求控制器证书。Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA.

Director 响应来自周边或边缘服务器的反向代理的请求。The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server.

或者,简单 URL 的通配符条目Or, a wildcard entry for the simple URLs

OAuthTokenIssuerOAuthTokenIssuer

dir01.contoso.netdir01.contoso.net

无条目No Entry

重要

请注意,最小密钥长度为 1024,但您可能收到一条警告,告知建议的最小密钥长度为 2048 位。Note that the minimum key length is 1024, but you may receive a warning that the minimum recommended key length is 2048 bits.

OAuthTokenIssuer 证书是单用途证书,用于在大型环境中对服务器进行身份验证,并且可从内部 CA 或公共 CA 请求。此证书是必需的。The OAuthTokenIssuer certificate is a single-purpose certificate for the purpose of authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required.