Hi guys,

At present we have Exchange hidden behind an ARR cluster that's used exclusively for Exchange and operates as a reverse proxy and load balancer. It has the public certificate on it and all is well. Internal and external clients both traverse ARR.

We will be using UM later on.

Whilst the UCC on the ARR is all good, I'm looking at adding Lync 2013 into the environment, and will use the same ARR cluster as a RP/HLB for it too.

This will mean I either need to:

- Buy a new certificate with a WHOPPING 30 SAN's!!!
- Look at deploying a wildcard

So my question is, from an Exchange point of view would everything be okay if I changed the certificate on ARR from the UCC to a wildcard?

Thanks - Steve

Hi.

For RP everything is clear and transparent it is possible to use wildcard certificate. For Lync 2013 you will need to buy a certificate with the name sip.domain1.com. . . sip.domain-N.com. Perhaps you need more names to support federated services or federations with OCS.

Under this I think to look in the direction of UCC with the ability to append the names in the certificate.

Certificate Planning in Exchange 2013

Certificate requirements for external user access in Lync Server 2013

Plan for Edge Server certificates in Lync Server 2013

Unified Communications certificate partners