Generate a CSR for Skype for Business Server 2015 (Formerly Lync)
Skype for Business Server is the new Microsoft Lync replacement/iteration. It is often necessary to certify multiple sub-domains for a potentially large number of machines. Microsoft recommends using UCC certificates.Service consideration
It is important to consider services for which the certificate will have to be enabled. These services must be indicated in the Type argument from the CSR generation command. Here is a non-exhaustive list of arguments:- AccessEdgeExternal
- AudioVideoAuthentication
- DataEdgeExternal
- Default
- External
- Internal
- iPhoneAPNService
- iPadAPNService
- MPNService
- PICWebService (Skype for Business Online only)
- ProvisionService (Skype for Business Online only)
- WebServicesExternal
- WebServicesInternal
- WsFedTokenTransfer
CSR Generation
Here is a command to adapt and run to generate your CSR:Request-CsCertificate -New -Type YOUR_TYPES -Organization "My Organization" -Country FR -State "Rhone" -City "Lyon" -FriendlyName "Skype Cert" -KeySize 2048 -DomainName "domain.tld" -PrivateKeyExportable $True -Output C:\domain.tld.csrReplace YOUR_TYPES by your roles/services for which you would like to enable your certificate (see above).
-PrivateKeyExportable $True allows you to make your private key exportable
You can also add the optional arguement -OU "Your Service/Department/Unit" to fill the Organizational Unit field, to add information about an organizational unit, like a service or a department.
Additional Information
N.B.: Certificates using a reserved IP address or an internal name (xxx.local, compter_name) has been deprecated by the CA / Browsers Forum and will not be accepted by any authority (more information).See Also
Last edited on 02/23/2016 15:41:31 --- [search]