Lync Server utilizes SSL certificates to protect connections by authenticating the endpoint and then encrypting transmissions. Lync Server can utilize either public or private certificates. This is to say that a Lync Server administrator has the option to purchase certificates from a publicly trusted third party such as Verisign or Digicert or he can choose to issue his own certificates from an internally developed PKI.
A PKI consists of hardware and software in addition to policies and procedures to create and manage digital certificates. Although a full explanation of how to plan and manage a PKI goes beyond the scope of this chapter, the decisions for how a PKI is built determine how far it can be trusted to secure identities and information.