12 March 2014

How to renew Lync Edge server "webserver" certificate

Once a year it's time to do this, and probably just like me, you think how did i do this last year.
So to never forget, or to look it up each year, here goes:

1. Inside your Lync environment, click on Start -> All Programs -> Microsoft Lync Server 2010 -> Lync Server Deployment Wizard.

2. Click on Install or Update Lync Server System.

3. Under Step 3, click on Run Again.

4. Select the certificate you would like to renew and click on Request.
5. Click Next.
6. Select Prepare the request now, but send it later (offline certificate request), and click Next.

7. Select where you want the request to be saved and click Next.
8. Click Next in the Certificate Template window.
9. Specify a name you want to use for identifying this certificate, and select "Mark the certificate's private key as exportable".

10. Enter the organization and organization unit name, as well as geographical location on the next window.
11. Next window will list Subject Names what will be included in the certificate, click Next.
12. If you are requesting a certificate for an Edge server,you will be able to select your SIP domain, click Next.
13. In this window, you will have to enter all of the Subject Alternate Names used in your Lync environment. For example lync.domain.com, edge.domain.com, dialin.domain.com, meet. domain.com etc.

14. Verify your information and click next.
15. Click Next to generate the request then click Finish.
16. Now that you have your CSR request file, send it over to your SSL provider or your local PKI environment. When you get your new certificate files, right click on each one and select Install Certificate.
17. Go back to your Lync Certificate wizard and click on Assign. Look for the friendly name you created in step 9, and select it. Click next until your certificate is assigned.
18. Restart Lync services and they should start right up. Check for any error logs in the Event Viewer.

If you plan on using the same certificate on your other Lync servers, you will have to use the Microsoft Management Console Certificate Snap-in to export and import the certificate to other servers. Now repeat from step 16.

Source 1
Source 2

No comments:

Post a Comment