Several certificates are used with the federation service. The first of these is referred to as the server authentication certificate, which is a standard SSL certificate used to secure communications between federation servers, clients, and federation server proxy computers. The server authentication certificate must be purchased from a public certificate authority using the federation service FQDN as the subject name. The certificate is then applied to each of the federation servers in the AD FS topology.
If a Lync hybrid deployment is planned, the subject name of the server authentication certificate instead needs to be sts.<SIPdomain>, where <SIPdomain> is the DNS domain that will be split across the Lync ...
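The following PowerShell script is an added example, not code from the original text, that checks whether the server authentication certificate bound to the federation service actually carries the name the text requires. It uses the real `Get-AdfsProperties` and `Get-AdfsCertificate` cmdlets from the ADFS module and is meant to run on a federation server; the `-SipDomain` parameter (for the Lync hybrid case, where the expected name becomes `sts.<SIPdomain>`) and the optional `-FarmServers` list used to confirm the same certificate is present on every federation server are assumptions introduced for the example.

```powershell
# Added example (not from the original text): verify the AD FS service
# communications certificate against the expected subject name and confirm
# it is installed on every federation server in the farm.
# Assumes: run on a federation server with the ADFS module available.
param(
    # Assumed parameter: supply the SIP domain when a Lync hybrid deployment
    # is planned, so the expected name becomes sts.<SIPdomain>.
    [string]$SipDomain,
    # Assumed parameter: other federation servers to check for the same cert.
    [string[]]$FarmServers = @()
)

Import-Module ADFS -ErrorAction Stop

# Federation service FQDN as configured on this farm.
$fsFqdn   = (Get-AdfsProperties).HostName
$expected = if ($SipDomain) { "sts.$SipDomain" } else { $fsFqdn }

# The service communications certificate is the server authentication (SSL)
# certificate the text describes.
$entry = Get-AdfsCertificate -CertificateType Service-Communications | Select-Object -First 1
$cert  = $entry.Certificate

# Collect every DNS name the certificate covers: the CN plus any DNS SANs.
$names = @()
if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($sanExt) {
    # Format($false) yields "DNS Name=host1, DNS Name=host2"; keep the values.
    $names += ($sanExt.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=')[-1].Trim() })
}
$names = $names | Sort-Object -Unique

$nameOk     = $names -contains $expected
$notExpired = $cert.NotAfter -gt (Get-Date)
# A self-signed certificate has matching subject and issuer; the text calls
# for one issued by a public CA, so flag that case.
$selfSigned = $cert.Subject -eq $cert.Issuer

[PSCustomObject]@{
    FederationServiceFqdn = $fsFqdn
    ExpectedName          = $expected
    CertificateNames      = ($names -join ', ')
    NameMatches           = $nameOk
    NotExpired            = $notExpired
    SelfSigned            = $selfSigned
    Thumbprint            = $cert.Thumbprint
}

# The same certificate must be applied to each federation server: check that
# a certificate with this thumbprint exists in each remote machine store.
foreach ($server in $FarmServers) {
    $present = Invoke-Command -ComputerName $server -ScriptBlock {
        Test-Path "Cert:\LocalMachine\My\$using:thumb"
    } -ArgumentList $cert.Thumbprint -ErrorAction SilentlyContinue
    [PSCustomObject]@{ Server = $server; CertificatePresent = [bool]$present }
}
```

Run it without parameters to validate a plain AD FS deployment, or with `-SipDomain contoso.com` when following the Lync hybrid guidance; `NameMatches` false, `NotExpired` false or `SelfSigned` true each point at a certificate that does not meet the requirements the text sets out.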