...
...
...
- The Bastion requires SSL certificate
...
- . Either in .pfx format or .crt + .key format
...
- . In order for the Bastion to be able to use the certificate the Private Key password has to be supplied (it can be encrypted).
- The certificate should be signed by a public Root CA. This is optional if using a reverse proxy in front of the Bastion with SSL offloading capabilities since the load balancer could ignore the certificate being not valid.
- The
...
- certificate needs to have
...
- Skype for Business addresses in its “Subject Alternative names” section.
...
- When using EWS capabilities the certificate also needs to have the EWS
...
- and Autodiscover
...
- addresses.