We are currently working through a Lync 2013 Standard deployment with a reverse proxy and a front edge server.
We purchased a UUC cert from godaddy and have installed the cert on the Edge and Reverse Proxy and can make successful connections using standard and mobile clients.
When mobile devices connect over our BYOD wifi network they get prompted twice to accept the internal cert assigned to our front end server. I understand it is best practice not to put the internal names on the external cert and am trying to figure out what is needed to allow authentication without the domain prompt. We do not want to install the internal ca cert on all the devices and prefer to use autodiscover.
Since we have so many domains our meet url is meet.domainb.com/Domain to minimize certs.
What is the recommended approach to grant access to internal mobile devices without installing the internal cert on the devices?
Current External Cert:
| access.DomainB.com |
| av.DomainB.com |
| conference.DomainB.com |
| dialin.DomainB.com |
| DomainA.com |
| DomainB.com |
| DomainC.com |
| DomainD.com |
| DomainE.com |
| DomainF.com |
| DomainG.com |
| DomainH.com |
| DomainI.com |
| DomainJ.com |
| DomainK.com |
| DomainL.com |
| DomainM.com |
| DomainN.com |
| DomainO.com |
| lyncdiscover.DomainA.com |
| lyncdiscover.DomainB.com |
| lyncdiscover.DomainC.com |
| lyncdiscover.DomainD.com |
| lyncdiscover.DomainE.com |
| lyncdiscover.DomainF.com |
| lyncdiscover.DomainG.com |
| lyncdiscover.DomainH.com |
| lyncdiscover.DomainI.com |
| lyncdiscover.DomainJ.com |
| lyncdiscover.DomainK.com |
| lyncdiscover.DomainL.com |
| lyncdiscover.DomainM.com |
| lyncdiscover.DomainN.com |
| lyncdiscover.DomainO.com |
| lync-web.DomainB.com |
| meet.DomainB.com |
| sip.DomainA.com |
| sip.DomainB.com |
| sip.DomainC.com |
| sip.DomainD.com |
| sip.DomainE.com |
| sip.DomainF.com |
| sip.DomainG.com |
| sip.DomainH.com |
| sip.DomainI.com |
| sip.DomainJ.com |
| sip.DomainK.com |
| sip.DomainL.com |
| sip.DomainM.com |
| sip.DomainN.com |
| sip.DomainO.com |
| webapps.DomainB.com |
| web-ext.DomainB.com |
