GoDaddy won’t issue a UCC cert for a Lync pool with a private domain name

A customer had a Lync 2010 environment with a pool name that used a private domain name and not an FQDN. When we attempted to request a UCC certificate from GoDaddy.com from the CSR generated from the Lync Deployment Wizard, we received the error:

You must use a fully-qualified primary domain name for UCC Certificate Request.

We called GoDaddy and according to them there was no way around this.  So after attempting to generate a customized CSR with the Request-CsCertificate command without any success, we found how to manually generate a customized CSR using the certreq command.

First create an INF file called cert.inf with the following content:

[NewRequest]
Subject = "CN=name.company.com"
Exportable = TRUE
KeyLength = 2048
MachineKeySet = True
FriendlyName = "Your Cert Friendly Name"
KeySpec = 1
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
[RequestAttributes]
CertificateTemplate=WebServer
SAN="dns=meet.company.com&dns=dialin.company.com&dns=lync.company.local"

Then use the command

certreq -new cert.inf cert.req

If you get an error about not having a template, just ignore it. Then open the cert.req file that was created in Notepad and copy the CSR and paste it into GoDaddy. I had to manually add my alternate names on the GoDaddy page, but it went through and I was then able to successfully import the cert into Lync. The common name was the FQDN and one of the alternate names is the private pool name in Lync.
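A variation on the steps above, as an added example that is not from the original post: this PowerShell script checks that the subject CN is a public FQDN, writes the INF with the alternate names in an [Extensions] section so they are carried inside the CSR itself, and dumps the request for review before it is pasted into the CA's form. The private-suffix list, the omission of the [RequestAttributes] section, and the English-locale certutil field labels are assumptions.

```powershell
# Added example: sample names are constructed; replace them with your own.
$CommonName = 'name.company.com'        # must be a public FQDN
$AltNames   = 'meet.company.com', 'dialin.company.com', 'lync.company.local'
$InfPath    = Join-Path $PWD 'cert.inf'
$ReqPath    = Join-Path $PWD 'cert.req'

# Assumption: suffixes that mark a name as private; extend for your environment.
$PrivateSuffixes = '.local', '.lan', '.internal', '.corp'

function Test-PublicFqdn([string]$Name) {
    if ($Name -notmatch '^([a-z0-9-]+\.)+[a-z]{2,}$') { return $false }
    foreach ($suffix in $PrivateSuffixes) {
        if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
    }
    return $true
}

# Catch the "fully-qualified primary domain name" rejection before submitting.
if (-not (Test-PublicFqdn $CommonName)) {
    throw "Subject CN '$CommonName' is not a public FQDN."
}

# One _continue_ line per alternate name, each terminated with '&'.
$sanLines = $AltNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }

$inf = @(
    '[NewRequest]'
    "Subject = `"CN=$CommonName`""
    'Exportable = TRUE'
    'KeyLength = 2048'
    'MachineKeySet = TRUE'
    'FriendlyName = "Your Cert Friendly Name"'
    'KeySpec = 1'
    '[EnhancedKeyUsageExtension]'
    'OID=1.3.6.1.5.5.7.3.1 ; Server Authentication'
    '[Extensions]'
    '; 2.5.29.17 is the Subject Alternative Name extension'
    '2.5.29.17 = "{text}"'
) + $sanLines
Set-Content -Path $InfPath -Value $inf -Encoding Ascii

certreq -new $InfPath $ReqPath
if ($LASTEXITCODE -ne 0) { throw "certreq exited with code $LASTEXITCODE" }

# Review what the CA will see (labels are from English-locale certutil output).
certutil -dump $ReqPath | Select-String -Pattern 'Subject:', 'DNS Name=', 'Public Key Length'
```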

 

 
