A customer had a Lync 2010 environment with a pool name that used a private domain name and not an FQDN. When we attempted to request a UCC certificate from GoDaddy.com from the CSR generated from the Lync Deplyment Wizard we recieved the error:
You must use a fully-qualified primary domain name for UCC Certificate Request.
We called GoDaddy and according to them there was no way around this. So after attempting to generate a customized CSR with the Request-CsCertificate command without any success, we found how to manually generate a customized CSR using the certreq command.
First create an INF file called cert.inf with the following content:
Subject = “CN=name.company.com“
Exportable = TRUE
KeyLength = 2048
MachineKeySet = True
FriendlyName=”Your Cert Friendly Name“
OID=22.214.171.124.126.96.36.199.1 ; Server Authentication
Then use the command
certreq –new cert.inf cert.req
If you get an error about not having a template just ignore it. Then open the cert.req file that was created in notepad and copy the CSR and paste it into GoDaddy. I had to manually add my alternate names on the GoDaddy page, but it went through and I was then able to successfully import the cert into Lync. The common name was the FQDN and one of the alternate names is the private pool name in Lync.