15 July 2009 14:38
It's known that wildcard certs aren't supported with OCS, but if a company wanted to save money, could they request a certificate for sip.contoso.com that included all the public names of all the edge servers and pools buried in it? Just one giant cert for all of OCS? Obvious security reasons aside, would this work functionally? Has anyone set one up like this?
And apply it to anything that wants a certificate?
16 July 2009 11:42 Moderator
You can use a single cert for the 3 external Edge roles, but there are some caveats to the way that the Web Conferencing role selects and displays the name correctly in the configuration. It's not a recommended deployment, but many people have gotten it to work. But using the same cert on multiple servers for all the other roles probably hasn't been attempted and I would think would be a major headache. The internal servers typically utilize free, internal certs, so there is no need to over-complicate that. Also, UC SAN certs are typically many times the cost of a standard certificate, so in the long run it might be cheaper to have 2-3 certs for the 2-3 OCS servers.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS