Install a certificate on Skype for Business Server 2015 (Formerly Lync)
Preparing the install
To install your certificate whose private key and CSR were generated on it, you will need to import your PKCS#7 (.p7b) file, available in your delivery email or from your certificate status page.- If you used the graphical wizard to generate your private key and CSR, you will need to complete the install with it.
- If you used the powershell command line, you will need to complete the install using it.
- If you have a PKCS#12 (.pfx or .p12) file, generated using another tool like Keybot, you can also read the Install section.
Install a certificate
To install a certificate or import a PKCS#12 (.p12 or .pfx) file, you will need to enter this command in your Skype for Business Server powershell, replacing the path:Import-CsCertificate -Path "c:\your_certificate.pfx" -PrivateKeyExportable $TrueYou can now enable your certificate.
Enable a certificate
You first need to find the certificate hash to enable it.Identify your certificate
To identify a certificate, you need to the the Get-CsCertificate cmdlet, possibly combined with the Where-Object cmdlet to sort results.The following command will list all available certificates:
Get-CsCertificateThe following command will list all available certificates expiring on January, 01 2016. However, the date format must respect your server's region settings. The following example is based on the French Day/Month/Year format:
Get-CsCertificate | Where-Object {$_.NotAfter -lt "01/01/2016"}The following example will find all valid examples for the CN domain.tld:
Get-CsCertificate | Where-Object {$_.Subject -eq "CN=domaine.tld"}You can also combine results on multiple fields, for instance:
Get-CsCertificate | Where-Object {$_.NotAfter -lt "01/01/2016" -and $_.Subject -eq "CN=domaine.tld"}
Enable the certificate
To enable a certificate for default and webservices roles, using a Thumbprint, run the following command:Set-CsCertificate -Type Default, WebServicesInternal, WebServicesExternal -Thumbprint "B142918E463981A76503828BB1278391B716280987B"If your search command was only returning one result, you can use redirection streams to directly enable the certificate, i.e.:
Get-CsCertificate | Where-Object {$_.Subject -eq "CN=domaine.tld"} | Set-CsCertificate -Type Default, WebServicesInternal, WebServicesExternal
Choosing services
It is important to evaluate for which services you want to enable the certificate using the parameter -Type. For more information on each service's features, we recommend reading Microsoft's reference documentation.Useful links
Last edited on 08/03/2020 09:07:27 --- [search]