- Microsoft Lync Certificate For Mac Free
- Microsoft Lync Certificate For Mac Pro
- Lync For Mac 2011
- Microsoft Lync Certificate For Mac 2017
Topic Last Modified: 2016-03-29
Microsoft Lync Server 2013 communications software supports the use of a single public certificate for access and web conferencing Edge external interfaces, plus the A/V Authentication service. The Edge internal interface typically uses a private certificate issued by an internal certification authority (CA), but can also use a public certificate, provided that it is from a trusted public CA. The reverse proxy in your deployment uses a public certificate and encrypts the communication from the reverse proxy to clients and the reverse proxy to internal servers by using HTTP (that is, Transport Layer Security over HTTP).
Jun 03, 2014 I have imported the Lync server certificate, issued by our windows 2012 root CA, on the Mac clients and have stored it in the 'Login' container. Does anybody know if Lync2011 for Mac is supported for use with Lync server 2013 Std? Feb 05, 2020 Lync Server 2010 is not supported – instead we recommend customers continue to use the Lync for Mac 2011 client. Visit the Known Issues and FAQ pages for more information. Visit the Skype for Business Client Comparison Tables for side by side feature comparisons for Lync, Skype for Business and Skype for Business Server.
Following are the requirements for the public certificate used for access and web conferencing Edge external interfaces, and the A/V authentication service:
The certificate must be issued by an approved public CA that supports subject alternative name. For details, see Microsoft Knowledge Base article 929395, 'Unified Communications Certificate Partners for Exchange Server and for Communications Server,' at https://go.microsoft.com/fwlink/p/?linkId=202834.
If the certificate will be used on an Edge pool, it must be created as exportable, with the same certificate used on each Edge Server in the Edge pool. The exportable private key requirement is for the purposes of the A/V Authentication service, which must use the same private key across all Edge Servers in the pool.
If you want to maximize the uptime for your Audio/Video services, review the certificate requirements for implementing a decoupled A/V Edge service certificate (that is, a separate A/V Edge service certificate from the other External Edge certificate purposes). For details, see Changes in Lync Server 2013 that affect Edge Server planning, Plan for Edge Server certificates in Lync Server 2013 and Staging AV and OAuth certificates in Lync Server 2013 using -Roll in Set-CsCertificate.
The subject name of the certificate is the Access Edge service external interface fully qualified domain name (FQDN) or hardware load balancer VIP (for example, access.contoso.com). ). The subject name can’t have a wildcard character, it must be an explicit name.
Note
For Lync Server 2013, this is no longer a requirement, but it is still recommended for compatibility with Office Communications Server.
The subject alternative name list contains the FQDNs of the following:
The Access Edge service external interface or hardware load balancer VIP (for example, sip.contoso.com).
Note
Even though the certificate subject name is equal to the access Edge FQDN, the subject alternative name must also contain the access Edge FQDN because Transport Layer Security (TLS) ignores the subject name and uses the subject alternative name entries for validation.
The web conferencing Edge external interface or hardware load balancer VIP (for example, webcon.contoso.com).
If you are using client auto-configuration or federation, also include any SIP domain FQDNs used within your company (for example, sip.contoso.com, sip.fabrikam.com).
The A/V Edge service does not use the subject name or the subject alternative names entries.
Note
The order of the FQDNs in the subject alternative names list does not matter.
Mar 29, 2016 Certificate requirements for external user access in Lync Server 2013 Topic Last Modified: 2016-03-29 Microsoft Lync Server 2013 communications software supports the use of a single public certificate for access and web conferencing Edge external interfaces, plus the A/V Authentication service. Oct 11, 2016 Then reinject these certificates manually inside Keychain access application, just click on the.crt/.pem files. Then for each certificate in Keychain access application, click on each certificate and in Trust section 'When using this certificate: ' Select Always trust. Then save It. And restart Lync and it should be ok. Feb 16, 2018 Hardware and software requirements for Skype for Business on Mac. The Skype for Business on Mac client requires Mac OS X El Capitan and higher, and uses at least 100MB of disk space. We support the use of all built-in audio and video devices. External devices must be in the Skype for Business Solutions Catalog.
If you are deploying multiple, load-balanced Edge Servers at a site, the A/V authentication service certificate that is installed on each Edge Server must be from the same CA and must use the same private key. Note that the certificate's private key must be exportable, regardless of whether it is used on one Edge Server or many Edge Servers. It must also be exportable if you request the certificate from any computer other than the Edge Server. Because the A/V authentication service does not use the subject name or subject alternative name, you can reuse the access Edge certificate as long as the subject name and subject alternative name requirements are met for the access Edge and the web conferencing Edge and the certificate’s private key is exportable.
Solution: In the Lync for Mac sign-in window, check your user ID and password for typos. If you’re using Office 365, use the same user ID and password that you use to sign in to Office 365, for example, aprilr@contoso.onmicrosoft.com. Passwords are case-sensitive. Cause: The firewall that is built into Mac OS X is blocking Lync. Jul 23, 2015 Learn how to keep in touch and stay productive with Microsoft Teams and Office 365, even when you’re working remotely. Lync for Mac 2011 disconnects every 30 seconds after you use a certificate that bases TLS-DSK authentication to sign in. Content provided by Microsoft.
Requirements for the private (or public) certificate used for the Edge internal interface are as follows:
The certificate can be issued by an internal CA or an approved public certificate CA.
The subject name of the certificate is typically the Edge internal interface FQDN or hardware load balancer VIP (for example, lsedge.contoso.com). However, you can use a wildcard certificate on the Edge internal.
No subject alternative name list is required.
The reverse proxy in your deployment services requests for:
External user access to meeting content for meetings
External user access to expand and display members of distribution groups
External user access to downloadable files from the Address Book Service
External user access to the Lync Web App client
External user access to the Dial-in Conferencing Settings web page
External user access to the Location Information Service
External device access to the Device Update Service and obtain updates
The reverse proxy publishes the internal server Web Components URLs. The Web Components URLs are defined on the Director, Front End Server or Front End pool as the External web services in Topology Builder.
Wildcard entries are supported in the subject alternative name field of the certificate assigned to the reverse proxy. For details about how to configure the certificate request for the reverse proxy, see Request and configure a certificate for your reverse HTTP proxy in Lync Server 2013.
See Also
-->Topic Last Modified: 2017-02-17
Internal servers that are running Lync Server and that require certificates include Standard Edition server, Enterprise Edition Front End Server, Mediation Server, and Director. The following table shows the certificate requirements for these servers. You can use the Lync Server certificate wizard to request these certificates.
Tip
Wildcard certificates are supported for the subject alternative names associated with the simple URLs on the Front End pool, Front End Server, or Director. For details about wildcard certificate support, see Wildcard certificate support in Lync Server 2013.
Although an internal enterprise certification authority (CA) is recommended for internal servers, you can also use a public CA. For a list of public CAs that provide certificates that comply with specific requirements for unified communications (UC) certificates and have partnered with Microsoft to ensure they work with the Lync Server Certificate Wizard, see article Microsoft Knowledge Base 929395, 'Unified Communications Certificate Partners for Exchange Server and for Communications Server,' at https://go.microsoft.com/fwlink/p/?linkId=202834.
Communication with other applications and servers, such as Exchange 2013, requires a certificate that is supported by the other applications and products. For the 2013 release, Lync Server 2013 and other Microsoft server products, including Exchange 2013 and SharePoint Server, support the Open Authorization (OAuth) protocol for server-to-server authentication and authorization. For details, see Managing server-to-server authentication (OAuth) and partner applications in Lync Server 2013 in the Deployment documentation or the Operations documentation.
For connections from clients running Windows 7 operating system, Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Vista operating system, and Microsoft Lync Phone Edition, Lync Server 2013 includes support for (but does not require) certificates signed using the SHA-256 cryptographic hash function. To support external access using SHA-256, the external certificate is issued by a public CA using SHA-256.
The following tables show certificate requirements by server role for Front End pools and Standard Edition servers. All these are standard web server certificates, private key, non-exportable.
Note that server enhanced key usage (EKU) is automatically configured when you use the certificate wizard to request certificates.
Note
Each certificate Friendly Name must be unique in the computer store.
Note
If you have configured sipinternal.contoso.com or sipexternal.contoso.com in your DNS, you will need to add them in the certificate’s Subject Alternative Name.
Microsoft Lync Certificate For Mac Free
Certificates for Standard Edition Server
| Certificate | Subject name/ Common name | Subject alternative name | Example | Comments |
|---|---|---|---|---|
Default | Fully qualified domain name (FQDN) of the pool | FQDN of the pool and the FQDN of the server If you have multiple SIP domains and have enabled automatic client configuration, the certificate wizard detects and adds each supported SIP domain FQDNs. If this pool is the auto-logon server for clients and strict Domain Name System (DNS) matching is required in group policy, you also need entries for sip.sipdomain (for each SIP domain you have). | SN=se01.contoso.com; SAN=se01.contoso.com If this pool is the auto-logon server for clients and strict DNS matching is required in group policy, you also need SAN=sip.contoso.com; SAN=sip.fabrikam.com | On Standard Edition server, the server FQDN is the same as the pool FQDN. The wizard detects any SIP domains you specified during setup and automatically adds them to the subject alternative name. You can also use this certificate for Server-to-Server Authentication. |
Web internal | FQDN of the server | Each of the following:
| SN=se01.contoso.com; SAN=se01.contoso.com; SAN=meet.contoso.com; SAN=meet.fabrikam.com; SAN=dialin.contoso.com; SAN=admin.contoso.com Using a wildcard certificate: SN=se01.contoso.com; SAN=se01.contoso.com; SAN=*.contoso.com | You cannot override the Internal web FQDN in Topology Builder. If you have multiple Meet simple URLs, you must include all of them as subject alternative names. Wildcard entries are supported for the simple URL entries. |
Web external | FQDN of the server | Each of the following:
| SN=se01.contoso.com; SAN=webcon01.contoso.com; SAN=meet.contoso.com; SAN=meet.fabrikam.com; SAN=dialin.contoso.com Using a wildcard certificate: SN=se01.contoso.com; SAN=webcon01.contoso.com; SAN=*.contoso.com | If you have multiple Meet simple URLs, you must include all of them as subject alternative names. Wildcard entries are supported for the simple URL entries. |
Certificates for Front End Server in a Front End Pool
| Certificate | Subject name/ Common name | Subject alternative name | Example | Comments |
|---|---|---|---|---|
Default | FQDN of the pool | FQDN of the pool and FQDN of the server. If you have multiple SIP domains and have enabled automatic client configuration, the certificate wizard detects and adds each supported SIP domain FQDNs. If this pool is the auto-logon server for clients and strict DNS matching is required in group policy, you also need entries for sip.sipdomain (for each SIP domain you have). | SN=eepool.contoso.com; SAN=eepool.contoso.com; SAN=ee01.contoso.com If this pool is the auto-logon server for clients and strict DNS matching is required in group policy, you also need SAN=sip.contoso.com; SAN=sip.fabrikam.com | The wizard detects any SIP domains you specified during setup and automatically adds them to the subject alternative name. You can also use this certificate for Server-to-Server Authentication. |
Web Internal | FQDN of the pool | Each of the following:
| SN=ee01.contoso.com; SAN=ee01.contoso.com; SAN=meet.contoso.com; SAN=meet.fabrikam.com; SAN=dialin.contoso.com; SAN=admin.contoso.com Using a wildcard certificate: SN=ee01.contoso.com; SAN=ee01.contoso.com; SAN=*.contoso.com | If you have multiple Meet simple URLs, you must include all of them as subject alternative names. Wildcard entries are supported for the simple URL entries. |
Web external | FQDN of the pool | Each of the following:
| SN=ee01.contoso.com; SAN=webcon01.contoso.com; SAN=meet.contoso.com; SAN=meet.fabrikam.com; SAN=dialin.contoso.com Using a wildcard certificate: SN=ee01.contoso.com; SAN=webcon01.contoso.com; SAN=*.contoso.com | If you have multiple Meet simple URLs, you must include all of them as subject alternative names. Wildcard entries are supported for the simple URL entries. |
Microsoft Lync Certificate For Mac Pro
Certificates for Director
| Certificate | Subject name/ Common name | Subject alternative name | Example |
|---|---|---|---|
Default | FQDN of the Director pool | FQDN of the Director, FQDN of the Director pool If this pool is the auto-logon server for clients and strict DNS matching is required in group policy, you also need entries for sip.sipdomain (for each SIP domain you have). | SN=dir-pool.contoso.com; SAN=dir-pool.contoso.com; SAN=dir01.contoso.com If this Director pool is the auto-logon server for clients and strict DNS matching is required in group policy, you also need SAN=sip.contoso.com; SAN=sip.fabrikam.com |
Web Internal | FQDN of the server | Each of the following:
| SN=dir01.contoso.com; SAN=dir01.contoso.com; SAN=meet.contoso.com; SAN=meet.fabrikam.com; SAN=dialin.contoso.com; SAN=admin.contoso.com SN=dir01.contoso.com; SAN=dir01.contoso.com SAN=*.contoso.com |
Web external | FQDN of the server | Each of the following:
| The Director external web FQDN must be different from the Front End pool or Front End Server. SN=dir01.contoso.com; SAN=directorwebcon01.contoso.com SAN=meet.contoso.com; SAN=meet.fabrikam.com; SAN=dialin.contoso.com SN=dir01.contoso.com; SAN=directorwebcon01.contoso.com SAN=*.contoso.com |
If you have a stand-alone Mediation Server pool, the Mediation Servers in it each need the certificates listed in the following table. If you collocate Mediation Server with the Front End Servers, the certificates listed in the “Certificates for Front End Server in Front End Pool” table earlier in this topic are sufficient.
Lync For Mac 2011
Certificates for Stand-alone Mediation Server
| Certificate | Subject name/ Common name | Subject alternative name | Example |
|---|---|---|---|
Default | FQDN of the pool | FQDN of the pool FQDN of pool member server | SN=medsvr-pool.contoso.net; SAN=medsvr-pool.contoso.net; SAN=medsvr01.contoso.net |
Certificates for Survivable Branch Appliance
Microsoft Lync Certificate For Mac 2017
| Certificate | Subject name/ Common name | Subject alternative name | Example |
|---|---|---|---|
Default | FQDN of the appliance | SIP.<sipdomain> (need one entry per SIP domain) | SN=sba01.contoso.net; SAN=sip.contoso.com; SAN=sip.fabrikam.com |