certificate

  • Question

  • hi,

    We have an SFB FE server, an Edge server and a reverse proxy, and I want to check the certificate for each server.

    My certs for the Edge server and reverse proxy server will expire, so I need to buy new certificates for them.

    What info do I need to check to provide to the cert provider?

    I am sorry, I don't know how to buy a public cert.

    We use IIS for the reverse proxy; how do I check the detailed info for the certificate?


    • Edited by NYRX1 Tuesday, September 4, 2018 5:49 AM
    Tuesday, September 4, 2018 4:52 AM

All replies

  • Hello,

    You need to use the Skype for Business Server Deployment Wizard (Step 3) to create an offline request for a new Edge Certificate.  The Edge Certificate Common Name needs to be the FQDN of your Access Edge, and the cert also needs to include the FQDN of the other External Edges.

    If you have a wildcard cert you can use that for your Reverse Proxy, or use a SAN cert that includes your dialin, discovery, meet, and Web Services FQDNs.

    Hope this helps.

    Steve 

    Tuesday, September 4, 2018 7:44 AM
  • Hi,

    To renew your certificate, please check the brand of your certificate first, then go to the official webpage of the public CA vendor to see the procedure for applying for a certificate.

    Please also make sure the SN and SAN are added to the certificate properly when creating the CSR in the Skype for Business Server Deployment Wizard (Step 3). This CSR should be received before you buy the certificate.

    By the way, to review your SN and SAN of your current certificate, please do as follows.

    You could run “MMC” in CMD on Edge and IIS server, “File” – “Add/Remove Snap-in…” – Add “Certificate” (Computer account), navigate to “Personal” – “Certificates” list.

    Double-click the certificate in use, check the “Subject” under “Details”, and also check whether it has a “Subject Alternative Name”.

    If the SANs exist, please record them; you may use them when creating the CSR in the next steps. If there is no “SAN” attribute, then you could use the “CN” attribute in “Subject” to create the CSR.

    Then you may use Step3 to create the CSR for Edge server, you could refer to this link: https://www.digicert.com/csr-creation-lync-2013.htm

    Please add all required SANs in the CSR. (Usually the Edge and IIS ARR servers may use the same certificate.) Finally, you will need to provide the CSR to the public certificate vendor.

    Kind regards, 

    Calvin Liu

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.



    Please remember to mark the replies as answers if they are helpful. It will assist others who has similar issue. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, September 4, 2018 9:07 AM
  • How do I check when the certificate of IIS ARR will expire? Check the cert bindings in the default web site?
    • Edited by NYRX1 Wednesday, September 5, 2018 1:58 AM
    Wednesday, September 5, 2018 1:29 AM
  • Hi,

    Yes, you are right, you could check the cert info from the bindings in IIS default web site.

    Kind regards, 

    Calvin Liu



    • Marked as answer by NYRX1 Thursday, September 6, 2018 2:27 AM
    • Unmarked as answer by NYRX1 Tuesday, September 11, 2018 8:21 AM
    Wednesday, September 5, 2018 9:52 AM
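The checks described in the replies above (Subject, Subject Alternative Name and expiry date of the certificates in the computer account's Personal store, and which certificate an IIS HTTPS binding uses), as an added PowerShell example that is not part of the original thread. The 60-day warning threshold is an assumption; run it in an elevated session on the Edge and IIS ARR servers.

```powershell
# Added example: inventory the computer account's Personal store
# (the store the MMC steps open) and flag certificates bound in IIS.
$warnDays = 60          # assumed renewal lead time, adjust as needed
$now      = Get-Date

# Collect thumbprints used by IIS HTTPS bindings. The WebAdministration
# module is only present where IIS is installed (the IIS ARR reverse proxy);
# on an Edge server this part is skipped.
$iisBound = @{}
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    foreach ($b in Get-ChildItem IIS:\SslBindings) {
        if ($b.Thumbprint) {
            $iisBound[$b.Thumbprint] = "$($b.IPAddress):$($b.Port)"
        }
    }
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    # OID 2.5.29.17 is the Subject Alternative Name extension
    $sanExt = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $days   = [math]::Floor(($_.NotAfter - $now).TotalDays)

    [pscustomobject]@{
        Subject       = $_.Subject
        SAN           = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }
        Issuer        = $_.Issuer
        NotAfter      = $_.NotAfter
        DaysLeft      = $days
        RenewSoon     = ($days -lt $warnDays)
        HasPrivateKey = $_.HasPrivateKey
        IisBinding    = if ($iisBound.ContainsKey($_.Thumbprint)) {
                            $iisBound[$_.Thumbprint]
                        } else { '(not bound in IIS)' }
        Thumbprint    = $_.Thumbprint
    }
} | Sort-Object NotAfter | Format-List
```

Record the Subject and SAN values of the certificate in use before creating the new CSR, so the replacement certificate covers the same names.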
  • Thank you

    If we use a wildcard cert for IIS ARR, how do we renew the wildcard cert? Can you guide me?

    Thursday, September 6, 2018 2:28 AM
  • Hi,

    Is there someone who can help me with this?

    Monday, September 10, 2018 3:14 AM
  • Hi,

    For renewing your IIS ARR wildcard cert, you could refer to the following article:

    https://www.digicert.com/ssl-certificate-renewal-iis-7.htm

    Please feel free to let me know if any.


    Kind regards,

    Calvin Liu





    • Edited by Calvin-Liu Tuesday, September 11, 2018 10:07 AM
    Tuesday, September 11, 2018 10:05 AM
  • Hi,

    Is there any update on this issue? If the reply is helpful to you, please try to mark it as an answer; it will help others who have a similar issue.

    Kind regards,

    Calvin Liu



    Tuesday, September 11, 2018 10:09 AM