Chapter 11, “Dependent Services and SQL,” covers all certificate requirements in detail. In general, the reverse proxy certificate requires a public certificate with the following entries:
• Lync Web Services External FQDN—This is defined in the topology and should be configured as the Subject Name of your certificate.
• Simple URL Entries—There should be a certificate entry in the SAN field for every meeting and dial-in simple URL. There is typically a single dial-in FQDN, and there will be a meeting FQDN for each SIP domain in the environment.
• LyncDiscover—Lync Mobile devices are hard-coded to look for the DNS entry lyncdiscover.<sipdomain>
. This should terminate at the reverse proxy, as such a certificate entry is required for each SIP domain in your environment.