SBM powered by Microsoft Lync Administrator's Guide 2010-11

Ready the Data Center for an SBM Deployment
Ready a Certificate for the SBM
the request (guided by the Setup Wizard, which eliminates most errors). In
addition, he or she cannot proceed in the installation until the request has been
signed and returned.
When the SBM administrator submits the request, you can issue the certificate
using a Windows CA or a third-party CA. If you are using a Windows CA, simply
submit the request and save the issued certificate. You do not need to append
any special options to the request. The certificate request specifies the Web
Server template and, provided that the SBM administrator has completed the
wizard correctly, includes the SBM’s subject name and SANs.
Note: The SBM Setup Wizard always submits the SBM’s FQDN as the CN portion of
the subject name. By default, it suggests the FQDN as the SAN. These settings
are required for the certificate to function correctly.
If you are using a third-party CA, simply make sure that the signed certificate
is returned as a PEM-encoded Base-64 file.
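One way to confirm, before returning a signed certificate to the SBM administrator, that it is PEM-encoded and carries the SBM's FQDN both as the subject CN and in the SAN list. This is an added example, not part of the original guide; it assumes the openssl command-line tool is available, and the function names and the FQDN sbm01.example.test are hypothetical.

```shell
#!/bin/sh
# Added example: check a signed certificate before handing it back for SBM setup.
# Needs the openssl CLI (1.1.1+ for -addext, used only by the sample generator).

# cert_cn FILE: print the subject CN, lowercased.
cert_cn() {
    openssl x509 -in "$1" -inform PEM -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1 |
        tr 'A-Z' 'a-z'
}

# cert_san_dns FILE: print each SAN DNS name on its own line, lowercased.
cert_san_dns() {
    openssl x509 -in "$1" -inform PEM -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | tr 'A-Z' 'a-z'
}

# check_sbm_cert FILE FQDN: 0 = usable, 1 = name mismatch, 2 = not PEM.
check_sbm_cert() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -inform PEM -noout 2>/dev/null ||
        { echo "FAIL: $1 is not a PEM-encoded certificate" >&2; return 2; }
    [ "$(cert_cn "$1")" = "$want" ] ||
        { echo "FAIL: subject CN is not $2" >&2; return 1; }
    cert_san_dns "$1" | grep -qxF -e "$want" ||
        { echo "FAIL: SAN list does not contain $2" >&2; return 1; }
    echo "OK: $1 is PEM and its CN and SAN match $2"
}

# make_sample_cert FILE CN SAN: constructed self-signed test input, not a CA-issued cert.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$3" -out "$1" 2>/dev/null
}

# Demo on constructed input; sbm01.example.test is a placeholder FQDN.
run_demo() {
    d=$(mktemp -d) || return 1
    make_sample_cert "$d/good.pem" sbm01.example.test sbm01.example.test
    make_sample_cert "$d/badsan.pem" sbm01.example.test other.example.test
    check_sbm_cert "$d/good.pem" sbm01.example.test
    check_sbm_cert "$d/badsan.pem" sbm01.example.test || echo "rejected as expected"
    rm -rf "$d"
}
run_demo
```

A DER-encoded file fails the first check with exit status 2, which is the case the PEM requirement above guards against.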
SBM Administrator Initiates an Automatic Request to Your CA
The SBM administrator can also initiate an autoenrollment request for the
certificate. This option has the advantage that the private key is generated on
the SBM and never leaves it. It also removes the delay involved in manually
signing an offline request. However, the SBM administrator is in charge of
entering the correct information in the request (guided by the Setup Wizard,
which eliminates most errors).
Note: The SBM Setup Wizard always submits the SBM’s FQDN as the CN portion of
the subject name. By default, it suggests the FQDN as the SAN. These settings
are required for the certificate to function correctly.
In addition, this option requires you to give the SBM administrator permission
to enroll for Web Server certificates.
The SBM administrator is a member of the RTCUniversalSBATechnicians
group. You could give this group permission to enroll for Web Server
certificates. Alternatively, you could have the domain administrator give the SBM
administrator the credentials for an account that has this permission already.