Can I use wildcard certificates?


Yes, except for deployments where the Meeting Server is integrated with On-Prem Lync/Skype for Business. In these deployments the Lync server will reject the wildcard certificate when it is presented, causing outbound calls from the Meeting Server and Presence to fail. For more information on using wildcard certificates with Lync/Skype for Business, see the notes below.

Wildcard certificates cost more but can be used on multiple servers. In a wildcard certificate you can set the CN field to, for example, *.example.com; any server named something.example.com will then be matched as valid for this CN. This allows you to put the same certificate on emailserver.example.com, webserver.example.com, ftpserver.example.com, etc. and use just this one certificate.

However, there are some limitations: the wildcard covers only a single label, so in the example above any name with an additional label in front of example.com, such as acano.video.example.com, will not match.

In terms of usage, wildcard certificates are created, authorized and uploaded as normal.


Notes on using wildcard certificates with Lync/Skype for Business deployments:

  • If using a local Lync Front End server with a Meeting Server deployment, the Lync Front End server can make TLS connections to the Meeting Server using a wildcard certificate, as it knows the FQDN it is connecting to (from the Trusted App setup and Static Route) and can verify that the wildcard certificate is valid for that FQDN.
  • Do not use wildcard certificates in On-Prem Lync deployments which integrate the Meeting Server with a Lync Front End Server, as all outgoing connections from the Meeting Server to Lync will fail. This is because the Lync Front End server only looks at the Common Name of the certificate and matches that name to a Trusted App. Since no specific name is given, it has no way to verify whether the FQDN is valid for that certificate, and rejects it with an error stating that the peer has presented a wildcard certificate but did not identify with a Negotiate Message.
  • For a Direct Federation deployment where the Meeting Server communicates with remote Lync edge servers only, using a wildcard will work as long as the DNS A records used are valid for the domain covered by the wildcard certificate.
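The single-label matching rule above, and the difference between a verifier that knows the FQDN it dialled and one that only sees the CN, can be illustrated in code. This is an added example written for this FAQ, not Cisco or Microsoft code; `wildcard_matches` follows the RFC 6125 left-most-label rule, and `verify_peer` is a simplified model of the two situations in the notes (the hostnames are constructed).

```python
from typing import Optional, Tuple


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` is valid for `hostname`.

    "*" may replace only the entire left-most label (RFC 6125 s6.4.3), so
    *.example.com covers emailserver.example.com but not example.com itself
    and not acano.video.example.com, which has one label too many.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard must be the whole left-most label; no "ftp*.example.com",
    # and no "*" anywhere else in the name.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    # Refuse overly broad patterns such as "*.com".
    if len(p_labels) < 3:
        return False
    # "*" stands for exactly one label, so label counts must be equal.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def verify_peer(cert_cn: str, expected_fqdn: Optional[str]) -> Tuple[bool, str]:
    """Simplified model (an assumption, not Lync's real logic) of the notes.

    With an expected FQDN (the Front End dialling the Meeting Server) the
    wildcard can be checked against it. With only a CN and no expected name
    (the Front End matching an incoming CN to a Trusted App) a wildcard CN
    cannot be resolved to any FQDN and must be rejected.
    """
    if expected_fqdn is None:
        if "*" in cert_cn:
            return False, "wildcard CN presented but no peer name to match it against"
        return True, "exact CN accepted"
    if wildcard_matches(cert_cn, expected_fqdn):
        return True, f"{cert_cn} is valid for {expected_fqdn}"
    return False, f"{cert_cn} does not cover {expected_fqdn}"


if __name__ == "__main__":
    for name in ("emailserver.example.com", "acano.video.example.com", "example.com"):
        print(name, wildcard_matches("*.example.com", name))
```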
Last update: 21-May-2019
FAQ ID: 1042