alternate number (828)-505-7480

A customer had a Lync 2010 environment with a pool name that used a private domain name and not an FQDN.  When we attempted to request a UCC certificate from GoDaddy.com from the CSR generated from the Lync Deplyment Wizard we recieved the error:

You must use a fully-qualified primary domain name for UCC Certificate Request.

We called GoDaddy and according to them there was no way around this.  So after attempting to generate a customized CSR with the Request-CsCertificate command without any success, we found how to manually generate a customized CSR using the certreq command.

First create an INF file called cert.inf with the following content:

[NewRequest]
Subject = “CN=name.company.com
Exportable = TRUE
KeyLength = 2048
MachineKeySet = True
FriendlyName=”Your Cert Friendly Name
KeySpec=1
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
[RequestAttributes]
CertificateTemplate=WebServer
SAN=”dns=meet.company.com&dns=dialin.company.com&dns=lync.company.local

Then use the command

certreq –new cert.inf cert.req

If you get an error about not having a template just ignore it.  Then open the cert.req file that was created in notepad and copy the CSR and paste it into GoDaddy.  I had to manually add my alternate names on the GoDaddy page, but it went through and I was then able to successfully import the cert into Lync.  The common name was the FQDN and one of the alternate names is the private pool name in Lync.