Provisioning certificates for Edge Servers was a sore subject back in the Office Communications Server days, but the process has been greatly simplified by the wizards used since Lync Server 2013. This section discusses the certificate requirements and considerations for organizations deciding between public certificates and privately issued certificates.
An Edge Server requires certificates for three services:
• Internal Edge Interface
• Access Edge Service
• Web Conferencing Edge Service
Although the A/V Edge Media Relay service also runs on TCP 443, it does not have a certificate assigned. Instead, a key used to encrypt and decrypt the media flowing through this port is first passed through the Access Edge FQDN. ...