Lync Server 2013 的憑證摘要-DNS 與 HLB 負載平衡Certificate summary - DNS and HLB load balanced in Lync Server 2013

 

主題上次修改日期: 2012-10-22Topic Last Modified: 2012-10-22

使用 DNS 負載平衡與硬體負載平衡器之 Director 的憑證需求,會針對 Director 可接收的服務,使用具有主體名稱和主體替代名稱的預設憑證。Certificate requirements for a Director with DNS load balancing and a hardware load balancer will use a default certificate that has a subject name and subject alternative names for services that the Director can receive. 集區中的每個 Director 要求憑證。A certificate is requested for each Director in the pool. 必須注意的是,硬體負載平衡器僅對於來自反向 Proxy 的流量進行負載平衡。It is important to remember that the hardware load balancer is load balancing only the traffic from the reverse proxy. 此外,各個伺服器上安裝的 OAuth 語彙基元憑證可用於伺服器對伺服器驗證用途。Additionally, there is an OAuth Token certificate for server to server authentication purposes that is installed on each server.

Director 憑證Certificates for Director

元件Component 主體名稱 (SN)Subject name (SN) 主體替代名稱 (SAN)Subject alternative names (SAN) 註解Comments

預設Default

dirpool01.contoso.netdirpool01.contoso.net

dirpool01.contoso.netdirpool01.contoso.net

dir01.contoso.netdir01.contoso.net

dialin.contoso.comdialin.contoso.com

meet.contoso.commeet.contoso.com

lyncdiscoverinternal.contoso.comlyncdiscoverinternal.contoso.com

lyncdiscover.contoso.comlyncdiscover.contoso.com

(選用) \*.contoso.com(Optionally) \*.contoso.com

Director 憑證可以從內部管理的憑證授權單位單位 (CA) 或公用 CA 要求。Director certificates can be requested from either an internally managed certification authority (CA) or from a public CA.

Director 會從周邊或 Edge Server 的反向 proxy 回應要求。The Director responds to requests from the reverse proxy in the perimeter or from the Edge Server. 內部用戶端將不會使用 Director。Internal clients will not use the Director.

或是簡單 URL 的萬用字元項目Or, a wildcard entry for the simple URLs

OAuthTokenIssuerOAuthTokenIssuer

dir01.contoso.netdir01.contoso.net

無項目No Entry

重要

請注意,雖然最小金鑰長度是 1024,但是您可能會收到警告表示建議最小金鑰長度為 2048 位元。Note that the minimum key length is 1024, but you may receive a warning that the minimum recommended key length is 2048 bits.

OAuthTokenIssuer 憑證是單一目的憑證,用於驗證大規模環境中的伺服器,且可向內部 CA 或公用 CA 要求。此憑證為必要。The OAuthTokenIssuer certificate is a single-purpose certificate for the purpose of authenticating servers in a large-scale environment, and can be requested from an internal CA or from a public CA. The certificate is required.