Set up TLS and MTLS

If you configured the Lync gateway using TLS inConfiguring Lync Server:

1. On the Lync Server, export the CIC server's Trusted Certificate, including all Certificates in the Certificate Path to include the Root CA Certificate. Export it in PKCS#12 (.PFX) format. Export the private key also.

2. On the CIC server, you need to extract the Public and Private Key. This can be completed by using openSSL or ssl_app-w32r-1-2.exe:

   1. Extract the private key:

      ssl_app-w32r-1-2.exe pkcs12 -in <pfx_file_name>.pfx -nocerts -nodes -out priv.pem

   2. Extract the public key:

      ssl_app-w32r-1-2.exe x509 -inform pem -in privpub.pem -pubkey -out pub.pem -outform pem

3. If checking the Require mutual authentication (MTLS) check box, make sure the certificate that Lync uses to connect to CIC has Client Authentication X509 Extended Key Usage (client EKU). Instructions for how to configure this in Lync can be found in the following articles:

   • http://technet.microsoft.com/en-us/library/gg398409.aspx

   • http://technet.microsoft.com/en-us/library/bb694035.aspx#BKMK_siteserver1

   

4. Import the Line Authority Certificates in CIC.

   1. In Interaction Administrator, choose System Configuration, Certificate Management, and Authority Certificates.

   2. Add the root Certificate Authority (CA) and all the intermediate CA certificates used to sign the Lync certificate.

5. On the Port-To-Certificate Mappings tab, click Add. Choose the CIC server Certificate created on the Lync Server and select Port: 5066 (the port we chose for the Lync line).