Generate a CSR for Skype for Business Server 2015 (Formerly Lync)

Skype for Business Server is Microsoft's successor to Lync. It is often necessary to certify multiple sub-domains for a potentially large number of machines. Microsoft recommends using UCC certificates for this.

Service consideration

It is important to consider which services the certificate will have to be enabled for. These services must be listed in the -Type argument of the CSR generation command. Here is a non-exhaustive list of values:
  • AccessEdgeExternal
  • AudioVideoAuthentication
  • DataEdgeExternal
  • Default
  • External
  • Internal
  • iPhoneAPNService
  • iPadAPNService
  • MPNService
  • PICWebService (Skype for Business Online only)
  • ProvisionService (Skype for Business Online only)
  • WebServicesExternal
  • WebServicesInternal
  • WsFedTokenTransfer
The Default type is generally the one to use. Other combinations worth noting are Default,AccessEdgeExternal,DataEdgeExternal for Edge servers and Default,WebServicesExternal,WebServicesInternal for web streams.

CSR Generation

Here is a command to adapt and run to generate your CSR:
Request-CsCertificate -New -Type YOUR_TYPES -Organization "My Organization" -Country FR -State "Rhone" -City "Lyon" -FriendlyName "Skype Cert" -KeySize 2048 -DomainName "domain.tld" -PrivateKeyExportable $True -Output C:\domain.tld.csr
Replace YOUR_TYPES with the roles/services for which you would like to enable your certificate (see above).

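-PrivateKeyExportable $True marks the private key as exportable. An exportable key can be copied off the server together with the certificate, so enable it only if the certificate has to be installed on other machines.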

You can also add the optional argument -OU "Your Service/Department/Unit" to fill in the Organizational Unit field with information about an organizational unit, such as a service or a department.

Additional Information

N.B.: Certificates using a reserved IP address or an internal name (xxx.local, computer_name) have been deprecated by the CA/Browser Forum and will not be accepted by any authority (more information).
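
As an added example (not part of the original page), this PowerShell pre-flight check screens the names intended for -DomainName for the internal names and reserved IP addresses described in the N.B. before the CSR is generated. The host names, the function name Test-PublicCertName and the suffix list are assumptions made for illustration.

```powershell
# Added example: screen the names intended for -DomainName before generating the CSR.
# Every host name and address below is a constructed placeholder.
$names = @('sip.domain.tld', 'lyncdiscover.domain.tld', 'pool01.domain.local', 'EDGE01', '10.0.0.12')

# Assumption: suffixes treated as internal. The page names .local; extend as needed.
$internalSuffixes = @('local')

function Test-PublicCertName {
    param([Parameter(Mandatory)][string]$Name)

    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Name, [ref]$ip)) {
        if ($ip.AddressFamily -ne 'InterNetwork') { return 'IPv6 address, check manually' }
        $b = $ip.GetAddressBytes()
        # Private, loopback and link-local IPv4 ranges.
        $reserved = ($b[0] -eq 10) -or ($b[0] -eq 127) -or
                    ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                    ($b[0] -eq 192 -and $b[1] -eq 168) -or
                    ($b[0] -eq 169 -and $b[1] -eq 254)
        if ($reserved) { return 'reserved IP address' }
        return 'ok'
    }
    # A bare computer name has no dot at all.
    if ($Name -notmatch '\.') { return 'internal name (no domain suffix)' }
    $suffix = $Name.Substring($Name.LastIndexOf('.') + 1).ToLowerInvariant()
    if ($internalSuffixes -contains $suffix) { return "internal name (.$suffix)" }
    return 'ok'
}

$report = foreach ($n in $names) {
    [pscustomobject]@{ Name = $n; Result = Test-PublicCertName -Name $n }
}
$report | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Result -ne 'ok' })
if ($bad.Count -gt 0) {
    Write-Warning ("Remove before requesting the certificate: " + ($bad.Name -join ', '))
} else {
    # -DomainName takes the names as one comma-separated string.
    Write-Output ('-DomainName "' + ($names -join ',') + '"')
}
```

Once the CSR has been generated, certutil -dump C:\domain.tld.csr shows the names and key size actually written into the request.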
