
One Liner: Add Trusted Root Cert Authorities to Edge Servers

Chris Hayward (@WeakestLync) wrote a great blog post with a neat & easy way to add trusted root certificates for your edge servers. Of course, everything in Lync and Skype for Business uses certificates, so ensuring you have all of the certificates is crucial for federation with other organizations.

Once I saw Chris’s method, I, of course, thought that PowerShell could do this as well. Voila, a one-liner to do it. This example uses the same list from Chris’s blog post, and suppresses the output so you can use it in your provisioning scripts.

'https://comodo.com', 'https://digicert.com', 'https://www.entrust.net', 'https://geotrust.com', 'https://www.globalsign.com', 'https://godaddy.com', 'https://www.symantec.com', 'https://thawte.com', 'https://wisekey.com' | ForEach-Object {$null = Invoke-WebRequest -Uri $_}

This method essentially just cycles through each item in the array, and does a web request for each. As each web request is completed, any new certificates are automatically added to the trusted root cert store. Usually, some of these already exist, so don’t be surprised if the total certificate count doesn’t increase by the same number of items in the array.
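
To see which roots a run actually added, and which requests failed, the loop can be wrapped in a before/after comparison of the machine certificate stores. This is an added example, not code from the original post; the function name Get-RootSnapshot is made up here, and checking both the Root and AuthRoot (Third-Party Root Certification Authorities) stores is an assumption about where new roots land.

```powershell
# Added example (not from the original post). URL list copied from the one-liner above.
$urls = 'https://comodo.com', 'https://digicert.com', 'https://www.entrust.net',
        'https://geotrust.com', 'https://www.globalsign.com', 'https://godaddy.com',
        'https://www.symantec.com', 'https://thawte.com', 'https://wisekey.com'

# Assumption: newly trusted roots appear in one of these two machine stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot'

function Get-RootSnapshot {
    # Hypothetical helper: one object per certificate, tagged with its store.
    foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Select-Object @{n = 'Store'; e = { $store }}, Thumbprint, Subject, NotAfter
    }
}

# Record store + thumbprint pairs before any request is made.
$before = Get-RootSnapshot | ForEach-Object { "$($_.Store)|$($_.Thumbprint)" }

# Request each site; one failing site must not stop the rest of the list.
$failed = foreach ($url in $urls) {
    try {
        # -UseBasicParsing avoids the Internet Explorer engine dependency,
        # which matters on servers where IE first-run setup never completed.
        $null = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 30 -ErrorAction Stop
    }
    catch {
        [pscustomobject]@{ Url = $url; Error = $_.Exception.Message }
    }
}

# Anything present now that was not in the first snapshot was added by this run.
$added = Get-RootSnapshot |
    Where-Object { "$($_.Store)|$($_.Thumbprint)" -notin $before }

"Requests failed: $(@($failed).Count)"
$failed | Format-Table -AutoSize -Wrap

"Root certificates added: $(@($added).Count)"
$added | Sort-Object Subject |
    Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize -Wrap
```

Run it from an elevated session on the edge server. The Subject column shows the name each new root appears under in the certificate store.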

  1. Daniel
    June 14th, 2016 at 07:37 | #1

    Hi, what name should it be on the added root certificate after I browse symantic.com? When I check the root certificates I can't see the name. The reason I ask is that I have alarm 14603 even after I add the domains to federated. The common issue to the alarm is that every external federation domain uses a Symantec certificate. //BR Daniel

  2. June 20th, 2016 at 15:22 | #2

    Pat – for symantec.com I had to add www to the URL, otherwise it throws an SSL error – seems like something is wrong on their end with the redirect from symantec.com to http://www.symantec.com

  3. Korbyn
    August 29th, 2017 at 15:12 | #3

    I don’t run into Comodo much, but the line item for it fails. I’ve tried other combinations of names to find a working one without success; maybe someone else will have some luck in finding a working one.

  4. August 29th, 2017 at 15:14 | #4

    Yeah, I noticed that a couple of days ago. It’s an issue on the Comodo side. I’m testing a new version that also adds a couple more public CAs. Look for it soon.

  5. Korbyn
    December 6th, 2017 at 13:17 | #5

    @Pat Richard
    Any luck?
