Installing Skype for Business – Part 6

Share this:

In this Tutorial we are going over the process to configure the Certificate for the Skype for Business Server 2015.


Skype for Business requires some attention from the administrator to have all certificates properly configured, the basic rule is that Public Certificates are required on the Edge  and Proxy roles, and all other roles including the Front-End that we are installing on this series require only an internal PKI.

So, just to make sure we must have an internal PKI in place to perform this Tutorial, okay?

In the previous Tutorial, we finished the Step 1 and Step 2, and now we are going to click on Run in the Step 3: Request, Install or Assign Certificates section.


Creating a certificate for the Skype for Business server…

The first step is to select all items underneath Default Certificate, as shown in the figure below, and then click Request.


The wizard has changed in Skype for Business, now it is much simpler and we can get most of the information required on a single page. Please fill out the required information, and if there is a CA on your Active Directory, then it will be listed on the first field. Click Next.


In the new page, a summary of all settings chosen on the previous page will be listed, click Next.


In the last page of the wizard, click Next.


As part of the process, a new wizard to assign the brand new certificate will be started automatically if we use the default settings, on the first page, just click Next.


In the Online Certificate Request Status page. We will have the result that the certificate was added to the local certificate store, click on Finish. The option Assign this certificate to Skype for Business Server certificate usages is automatically selected and a new wizard will start immediately.


In the Certificate Assignment Summary page. Click Next


In the last page, wait for the completion of the process and click on Finish.


If everything went well, we will have a result similar to the one shown in the figure below, where the certificate for the current server is properly installed.


Managing the OAuthTokenIssuer certificate

This process must be done just once per environment, and we will be generating and assigning the certificate required for the server to server communication, and this type of certificate is stored globally and it is replicated as part of the Central Management Store (CMS) process.

In order to create the OAuthTokenIssuer certificate, let’s select it from the list, and then click Request.


In the Certificate Request page. Fill out the missing fields, and hit Next.


In the Certificate Request Summary page. Click Next.


In the Executing Commands page. Click Next to complete the certificate request process.


In the final page of the certificate request, click on Finish.


Now in the Certificate Wizard, we will have both sections covered as shown in the image below. In the Location we can identify that the first steps of this article were for the Server (Local), and this previous section was towards to the OAuthTokenIssuer (Global). Click on Close.


Now we are good to start our Skype for Business services and start using the product, and we will check those final steps in the Tutorial of this series.

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at, and (Portuguese).