I wanted to address this topic because it appears to be cropping up on TechNet regularly. In this post we will discover what is and is not supported, what certificates we need for each server and their requirements. Before we start delving into the details, it is important to understand from the outset that Skype for Business has very strict certificate requirements and should you attempt to deviate from the supported model, then you will find that certain modalities will not work at all. The temptation is to try and save money on certificates, the most common error I see is people trying to use wildcard certificates. These are not supported for non web traffic whether you use Skype for Business or not, these are not intended for Unified Communications across all vendors. The justification for using a wildcard is to save money. This I can tell you is false economy. If you ignore the requirements and purchase a wildcard certificate, you will end up having to purchase a SAN certificate in the end to get your services working. In so doing wasted about £200 in the process. The justification for doing it the right way and not trying to cut costs on certificates is simple; you’ve spent £30K on servers, £100K on licencing Skype for Business, £50k on peripherals, £30K on SBCs for your Skype for Business deployment without worry, so why try so hard to save £50 on a certificate?? So there is no argument or justification for not doing it right in my opinion.
Mark is an Independent Microsoft Teams Consultant with over 15 years experience in Microsoft Technology. Mark is the founder of Commsverse, a dedicated Microsoft Teams conference and former MVP. You can follow him on twitter @UnifiedVale