Provisioning certificates for Edge Servers was a sore subject back in the Office Communications Server days, but the process has been greatly simplified by the wizards used since Lync Server 2013. This section discusses the certificate requirements and considerations for organizations deciding between public certificates and privately issued certificates.
An Edge Server requires certificates for three services:
• Internal Edge Interface
• Access Edge Service
• Web Conferencing Edge Service
Tip
Although the A/V Edge Media Relay service also runs on TCP 443, it does not have a certificate assigned. Instead, a key used to encrypt and decrypt the media flowing through this port is first passed through the Access Edge FQDN. There is no need to include the A/V Edge FQDN in any certificate request.
Administrators of Office Communications Server should note that since Lync Server 2010, the certificate requests are commonly simplified to one certificate for the external-facing Edge interface and a single certificate for the internal-facing Edge interface.
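A quick way to confirm that an external-facing Edge certificate carries the names it needs, and to flag an A/V Edge FQDN that was included unnecessarily, is to compare its subject and subject alternative names against the expected FQDNs. The following PowerShell is an added example, not taken from the product or its wizards; the function name, the example.com FQDNs and the thumbprint placeholder are assumptions for illustration.

```powershell
# Added example. FQDNs and the thumbprint below are constructed placeholders.
function Test-EdgeExternalCertNames {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string[]]$RequiredFqdn,            # Access Edge and Web Conferencing Edge FQDNs
        [string[]]$NotRequiredFqdn = @()    # for example, the A/V Edge FQDN
    )

    # DnsNameList holds the subject CN plus the DNS entries of the SAN extension.
    # Comparison is exact and case-insensitive; wildcard entries are not expanded.
    $names = @($Certificate.DnsNameList |
        Where-Object { $_ } |
        ForEach-Object { $_.Unicode.ToLowerInvariant() })

    foreach ($fqdn in $RequiredFqdn) {
        $present = $names -contains $fqdn.ToLowerInvariant()
        [pscustomobject]@{
            Fqdn   = $fqdn
            InCert = $present
            Result = if ($present) { 'OK' } else { 'MISSING: request a certificate that includes this name' }
        }
    }

    foreach ($fqdn in $NotRequiredFqdn) {
        $present = $names -contains $fqdn.ToLowerInvariant()
        [pscustomobject]@{
            Fqdn   = $fqdn
            InCert = $present
            Result = if ($present) { 'Present but not needed' } else { 'OK (not needed)' }
        }
    }
}

# Replace the placeholder with the thumbprint of the external Edge certificate.
$cert = Get-Item 'Cert:\LocalMachine\My\<THUMBPRINT-PLACEHOLDER>'
Test-EdgeExternalCertNames -Certificate $cert `
    -RequiredFqdn 'sip.example.com', 'webconf.example.com' `
    -NotRequiredFqdn 'av.example.com' |
    Format-Table -AutoSize
```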