Reverse Proxy for Skype for Business 2016

Question

Trying to get UTM 9.5 to work as the reverse proxy for our Skype for Business 2015 Frontend. Skype is set up and working and UTM works until we get to the certificate. When an external client hits one of the simple URLs such as meet.domain,com the client receives the internal CA Certificate that is installed on the Skype Front end not the public SSL certificate installed on the UTM. Microsoft recommends that the Skype Front end have a certificate from the internal CA and the reverse proxy have a publicly recognized certificate. The question is to get this to work do I need to replace the internal CA certificate on the Front end with the public certificate for this to work? If anyone has tis working it this what you needed to do?

This thread was automatically locked due to age.

DouglasFoster · Answer

The UTM revetse proxy and its certificate only gives you access to one machine, such as skypefrontend.mycompany.com. 
 From your description, it appears that the rest of the solution depends on a form of https inspection using a root certificate to imitate other servers. That architecture always requires every client to have the root CA installed on every client device, including remote devices. You will need to contact Microsoft experts to see if they have an alternate technique. It is not a UTM issue or a oroblem that UTM can solve.