Security Certificate for Microsoft Lync Setup
Download CA Certification Chain
Complete the following procedure to download the CA certification chain.
Procedure
Step 1 |
Select . |
||
Step 2 |
Enter http://<name of your Issuing CA Server>/certsrv and select OK. |
||
Step 3 |
From Select a task, select Download a CA certificate, certificate chain, or CRL . |
||
Step 4 |
Select Download CA certificate chain. |
||
Step 5 |
Select Save in the File Download dialog box. |
||
Step 6 |
Save the file on a hard disk drive on your server.
|
What to do next
Install CA Certification Chain
Complete the following procedure to install the CA certification chain.
Before you begin
Download the CA certification chain.
Procedure
Step 1 |
Select . |
Step 2 |
Enter mmc and select OK. |
Step 3 |
Select . |
Step 4 |
Select Add in the Add/Remove Snap-in dialog box. |
Step 5 |
Select Certificates in the list of Available Standalone Snap-ins and select Add. |
Step 6 |
Select Computer account and select Next. |
Step 7 |
In the Select Computer dialog box, ensure Local computer: (the computer this console is running on) is selected. |
Step 8 |
Select Finish, select Close, and then select OK. |
Step 9 |
Expand Certificates (Local Computer) in the left pane of the Certificates console. |
Step 10 |
Expand Trusted Root Certification Authorities and right-click Certificates. |
Step 11 |
Point to All Tasks and select Import. |
Step 12 |
Select Next in the Import Wizard. |
Step 13 |
Select Browse and locate the certificate chain on your computer. |
Step 14 |
Select Open and select Next. |
Step 15 |
Leave the default value Place all certificates in the following store selected. |
Step 16 |
Ensure Trusted Root Certification Authorities appears under the Certificate store. |
Step 17 |
Select Next and select Finish. |
What to do next
Submit Certificate Request on CA Server
Complete the following procedure to submit the certificate request on the CA server.
Before you begin
Install the CA Certification Chain.
Procedure
Step 1 |
Select . |
Step 2 |
Enter the following command to create a certificate request for Microsoft Lync Server: Request-CsCertificate -New -Type Default -DomainName <FQDN of Lync Server> -Output c:\cert.csr -ClientEku $true |
Step 3 |
From Microsoft Lync Server, enter the URL http://<name of your Issuing CA server>/certsrv. |
Step 4 |
Select Request a Certificate and then select Advanced certificate request. |
Step 5 |
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. |
Step 6 |
Open the file cert.csr from Step 2 and copy all information in the file to the clipboard. |
Step 7 |
Paste the information from the file cert.csr to the Saved Request box in the certificate authority server and select Submit. |
What to do next
Approve and Import Certificate
Complete the following procedure to approve and import the certificate.
Before you begin
Submit the Certificate Request on the CA Server.
Procedure
Step 1 |
From the Certificate Authority Server, select . |
Step 2 |
Select Pending Requests and find the new certificate in the list. |
Step 3 |
Right-click on the new certificate and select . |
Step 4 |
From Microsoft Lync Server, enter the URL http://<name of your Issuing CA server>/certsrv. |
Step 5 |
Select View the status of a pending certificate request. |
Step 6 |
Select Base 64 encoded and download the certificate as a cer file extension to the Microsoft Lync server local drive. |
Step 7 |
Sign in as a member of the Administrators group to the same Microsoft Lync Server on which you created the certificate request. |
Step 8 |
Start the Lync Server Deployment Wizard and select Install or Update Lync Server System. |
Step 9 |
Select Run Again (beside Step 3: Request, Install, or Assign Certificates). |
Step 10 |
From the Available Certificate Tasks page, select Import a certificate from a .p7b, pfx or .cer file. |
Step 11 |
In the Import Certificate page, enter the full path and filename of the certificate that you retrieved from the Certificate Authority in Step 6. Alternatively, you can select Browse to locate and select the file. |
What to do next
Assign Imported Certificate
Complete the following procedure to assign the imported certificate.
Before you begin
Approve and import the Certificate.
Procedure
Step 1 |
From Microsoft Lync Server start the Lync Server Deployment Wizard. |
Step 2 |
Select Install or Update Lync Server System. |
Step 3 |
Select Run Again in Step 3: Request, Install or Assign Certificates. |
Step 4 |
From the Available Certificate Tasks page, select Assign an existing certificate. |
Step 5 |
From the Certificate Assignment page, select Next. |
Step 6 |
From the Advanced Certificate Usages page, select all checkboxes to assign the certificate for all usages. |
Step 7 |
From the Certificate Store page, select the certificate that you requested and imported. |
Step 8 |
In the Certificate Assignment Summary page, review your settings, and select Next to assign the certificates. |
Step 9 |
From the wizard completion page, select Finish. |
Step 10 |
Open the Certificate snap-in on each server, select Details pane. , and verify that the certificate is listed in the |
What to do next
Verify Certificate Setup for Server and Client Authentication