A common misconception is that all of these certificates should be purchased from a public certificate authority, which is only partly true. Only certificates used for the external-facing Edge interface should come from a public certificate authority. The Edge Server’s internal interface certificate can be issued from a private certificate authority that is trusted only by internal servers and clients.
Microsoft has partnered with a few certificate vendors to ensure that the X.509 certificates work with Lync Server. Those vendors are listed here:
Certificates from other vendors also work if all clients trust the certificate, but Microsoft has not verified those ...