SBM powered by Microsoft Lync Administrator's Guide 2010-11
A-46
Ready the Data Center for an SBM Deployment
Ready a Certificate for the SBM
Ready a Certificate for the SBM
The person who performs the initial configuration of the SBM must install a
Web Server certificate on it. He or she will have four options:
■ Install a certificate/private key already created for the SBM.
■ Create a request on the SBM and submit the request for signing.
■ Automatically request a certificate from your domain CA
Note Later, when the SBM has appropriate certificates installed on it, the SBM
administrator will also have the option of assigning one of those certificates
to the Lync Server.
The automatic request from a domain CA requires your company to have a
Windows certificate authority (CA). For the other two options, the certificate
can be created or signed by your own Windows CA or by a third-party CA.
You must inform the SBM administrator which option to choose, and based
on your decision, you might need to perform some tasks in advance. The
sections below provide guidelines.
Also note that, whichever option you choose, you might need to give the SBM
administrator a file with the CA certificate chain. (This is only necessary if
your domain does not use a group policy object [GPO] to push the CA
certificate to computers when they join the domain.)
SBM Administrator Installs a Certificate/Private Key
File
This option gives you the greatest control over the certificate generation. You
generate or obtain the certificate and private key for the SBM in advance. The
SBM administrator then quickly installs it and gets the SBM up and running.
He or she does not require any special domain permissions.