I just finished to install a OCS Edge in consolited mode with 3 Public IP.
My Access Edge has an A record : sip.domain.com Webconf : webconference.domain.com Av : audiovideo.domain.com
domain is the same than my SIPDomaine, user registred under @domain.com
I juste would have a confirmation about two things :
- I don't need a SAN for my access edge because SIPdomain is the same as @domain.com and the A record of Edge is sip.domain.com* - Can I use or not one certificate for all (Reverse Proxy and WebConf and Access). Like Principal Name with sip.domaine.com and SAN with Reverse Proxy FQDN and Webconf FQDN) ? Is it supported ?
Should I use Public CA (Entrust, Digicert or COmodo) to be supported or can i use another CA ?
The SAN value of sip.domain.com set by the OCS certificate wizard is sufficient; you don't need a separate entry for just domain.com if thatis what you are asking.
A single certificate can work in some scnearios for a consolidated Edge server sometimes doesn't, depending on the issuing CA, configuration settings, etc. It's recommended to use dedicated certificates per Edge role, but not required.
IF you have a specific CA you are currently using I'd search the forums to so if there are any known issues with that vendor when used with OCS. Most common ones should work but there have been some troublesome ones in the past.Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
OCS R2 Edge : One SIP domaine and certificate
