Home > Lync Server/Skype for Business Server > One Liner: Add Trusted Root Cert Authorities to Edge Servers

One Liner: Add Trusted Root Cert Authorities to Edge Servers

September 19th, 2015 Leave a comment Go to comments

Chris Hayward (@WeakestLync) wrote a great blog post with a neat & easy way to add trusted root certificates for your edge servers. Of course, everything in Lync and Skype for Business uses certificates, so ensuring you have all of the certificates is crucial for federation with other organizations.

Once I saw Chris’s method, I, of course, thought that PowerShell could do this as well. Voila, a one-liner to do it. This example uses the same list from Chris’s blog post, and suppresses the output so you can use it your provisioning scripts.

'https://comodo.com', 'https://digicert.com', 'https://www.entrust.net', 'https://geotrust.com', 'https://www.globalsign.com', 'https://godaddy.com', 'https://www.symantec.com', 'https://thawte.com', 'https://wisekey.com' | ForEach-Object {$null = Invoke-WebRequest -Uri $_}

This method essentially just cycles through each item in the array, and does a web request for each. As each web request is completed, any new certificates are automatically added to the trusted root cert store. Usually, some of these already exist, so don’t be surprised if the total certificate count doesn’t increase by the same number of items in the array.

Categories: Lync Server/Skype for Business Server Tags: , , , , ,
  1. Daniel
    June 14th, 2016 at 07:37 | #1
    Reply | Quote

    Hi What name should it be on the added root certificate after I browser symantic.com? When I check the root certificated I can´t see the name. The reason I ask is that I have alarm 14603 even after I add the domains to federated. The common issue to the alarm is that every external federation domain uses Symantec certificate//BR Daniel

  2. mitch
    June 20th, 2016 at 15:22 | #2
    Reply | Quote

    Pat – for symantec.com I had to add www to the url , otherwise it throws an SSL error – seems like something is wrong on their end with the redirect from symantec.com to http://www.symantec.com

  3. Korbyn
    August 29th, 2017 at 15:12 | #3
    Reply | Quote

    I don’t run into Comodo much, but the line item for it fails. I’ve tried other combinations of names to find a working one without success, maybe some else will have some luck in finding a working one.

  4. Pat Richard
    August 29th, 2017 at 15:14 | #4
    Reply | Quote

    @Korbyn
    Yeah, I noticed that a couple of days ago. It’s an issue on the Comodo side. I’m testing a new version that also adds a couple more public CAs. Look for it soon.

  5. Korbyn
    December 6th, 2017 at 13:17 | #5
    Reply | Quote

    @Pat Richard
    Any luck?

  1. September 1st, 2016 at 08:41 | #1
    Certificate Expiry Checklist | greiginsydney.com