TLS configuration
must be used for partitioned intradomain federation between the
IM and Presence
Service and Lync servers. TCP cannot be used. To support TLS
encryption between
IM and Presence Service and Lync, each Lync server
must have a signed security certificate. This signed certificate, along with
the root certificate of the Certificate Authority (CA) that signed the
certificate, must be installed on each Lync server.
Cisco recommends
that Lync and
IM and Presence Service servers share the same CA. If
not, the root certificate of the CA that signed the
IM and Presence Service certificates must also be
installed on each Lync server.
Generally, the
root certificate of the Lync CA is already installed on each Lync server.
Therefore, if Lync and
IM and Presence Service share the same CA, there may
be no need to install a root certificate. However, if a root certificate is
required, see the following details.
If you are using
Microsoft Certificate Authority, refer to the following procedures in the
Interdomain
Federation for
IM and Presence
Service on
Cisco Unified Communications Manager
for information about installing the root
certificate from the Microsoft Certificate Authority onto Lync:
If you are using
an alternative CA, the following procedure is a generic procedure for
installing root certificates onto Lync servers. The procedure for downloading
the root certificate from the CA differs depending on your chosen CA.
Note
|
The
Integration Guide for Configuring
IM and Presence
Service for Interdomain Federation document refers to the
Access Edge Server. For partitioned intradomain federation, you can replace
references to the Access Edge Server with Lync Standard Edition server or
Enterprise Edition front-end server.
|
Before You Begin
Download the root
certificate or certificate chain from your CA and save it to the hard disk of
your Lync server.