When planning for the deployment of certificates in an Office Communications Server (OCS) Pool, you should pay special attention to the use of the SAN (Subject Alternate Name) fields. There is no mention when deploying external web conferencing that you must include the FQDN of each FE server in the SAN field of the OCS Pool cert.
This is because the access edge servers connect directly to the FQDNs of the OCS FE servers when external users join a meeting. The OCS R2 Enterprise Edition Deployment Guide indicates that SAN fields are only required for multiple SIP domains.
In the recently released Microsoft Certificate deployment document, it states that wildcards are allowed in the SAN fields of OCS Pool certs. The truth is that if you are supporting web conferencing from the public internet then your OCS pool certificate must contain in the SAN fields the FQDNs of each FE server. If you use wildcards in the SAN fields, the OCS services won't even start.
This was first published in May 2010