Lync Server 2013 中的憑證基礎結構支援Certificate infrastructure support in Lync Server 2013

 

主題上次修改日期: 2013-11-07Topic Last Modified: 2013-11-07

Lync Server 2013 需要公開金鑰基礎結構 (PKI) ,以支援傳輸層安全性 (TLS) 及相互 TLS (MTLS) 連線。Lync Server 2013 requires a public key infrastructure (PKI) to support Transport Layer Security (TLS) and mutual TLS (MTLS) connections. 根據預設,Lync Server 2013 設定為使用 TLS 進行用戶端對伺服器連線。By default, Lync Server 2013 is configured to use TLS for client-to-server connections. MTLS 是用於伺服器之間的連線。MTLS is used for connections between servers.

MTLS 憑證必須由受信任的憑證授權單位單位所發出 () Lync Server 2013 的 CAs。MTLS certificates must be issued by trusted certification authorities (CAs) for Lync Server 2013. Lync Server 支援從下列 Ca 發出的憑證:Lync Server supports certificates that are issued from the following CAs:

  • 內部 CA 發行的憑證:Certificates issued from an internal CA:

    • Windows Server 2003 作業系統 CAThe Windows Server 2003 operating system CA

    • Windows Server 2008 作業系統 CAThe Windows Server 2008 operating system CA

    • Windows Server 2008 R2 作業系統 CAThe Windows Server 2008 R2 operating system CA

    • Windows Server 2012 作業系統 CAThe Windows Server 2012 operating system CA

    • Windows Server 2012 R2 作業系統 CAThe Windows Server 2012 R2 operating system CA

  • 公用 CA 發行的憑證Certificates issued from a public CA

與其他應用程式和伺服器進行通訊,例如 Exchange 2013,需要另一個應用程式和產品所支援的憑證。Communication with other applications and servers, such as Exchange 2013, requires a certificate that is supported by the other applications and products. 針對2013版本,Lync Server 2013 和其他 Microsoft server 產品(包括 Exchange 2013 和 SharePoint 伺服器)都支援「開放授權」 (OAuth 伺服器對伺服器驗證和授權的) 通訊協定。For the 2013 release, Lync Server 2013 and other Microsoft server products, including Exchange 2013 and SharePoint Server, support the Open Authorization (OAuth) protocol for server-to-server authentication and authorization. 如需詳細資訊,請參閱部署檔或作業檔中的 管理 Lync server 2013 中的伺服器對伺服器驗證 (OAuth) 和夥伴應用程式For details, see Managing server-to-server authentication (OAuth) and partner applications in Lync Server 2013 in the Deployment documentation or the Operations documentation.

針對來自執行 Windows 7 作業系統、Windows Server 2008 R2 作業系統和 Microsoft Office Communicator 2007 Phone Edition 之用戶端的連線,Lync Server 2013 包含對 (的支援,但不需要使用 SHA-256 加密雜湊函數簽署) 憑證。For connections from clients running Windows 7 operating system, Windows Server 2008 R2 operating system, and Microsoft Office Communicator 2007 Phone Edition, Lync Server 2013 includes support for (but does not require) certificates signed using the SHA-256 cryptographic hash function. 為了支援使用 SHA-256 的外部存取,外部憑證由公用 CA 使用 SHA-256 發行。To support external access using SHA-256, the external certificate is issued by a public CA using SHA-256.

如需憑證需求的詳細資訊,請參閱規劃檔中的 Lync Server 2013 的憑證基礎結構需求For details about certificate requirements, see Certificate infrastructure requirements for Lync Server 2013 in the Planning documentation. 如需使用萬用字元搭配憑證的詳細資訊,請參閱支援檔中的 通配憑證支援(Lync Server 2013 )。For details about use of wildcards with certificates, see Wildcard certificate support in Lync Server 2013 in the Supportability documentation.