Installing Skype for Business – Part 6

Share this:

In this Tutorial we are going over the process to configure the Certificate for the Skype for Business Server 2015.

Solution


Skype for Business requires some attention from the administrator to have all certificates properly configured, the basic rule is that Public Certificates are required on the Edge  and Proxy roles, and all other roles including the Front-End that we are installing on this series require only an internal PKI.

So, just to make sure we must have an internal PKI in place to perform this Tutorial, okay?

In the previous Tutorial, we finished the Step 1 and Step 2, and now we are going to click on Run in the Step 3: Request, Install or Assign Certificates section.

image2

Creating a certificate for the Skype for Business server…

The first step is to select all items underneath Default Certificate, as shown in the figure below, and then click Request.

image5

The wizard has changed in Skype for Business, now it is much simpler and we can get most of the information required on a single page. Please fill out the required information, and if there is a CA on your Active Directory, then it will be listed on the first field. Click Next.

image6

In the new page, a summary of all settings chosen on the previous page will be listed, click Next.

image9

In the last page of the wizard, click Next.

image39

As part of the process, a new wizard to assign the brand new certificate will be started automatically if we use the default settings, on the first page, just click Next.

image15

In the Online Certificate Request Status page. We will have the result that the certificate was added to the local certificate store, click on Finish. The option Assign this certificate to Skype for Business Server certificate usages is automatically selected and a new wizard will start immediately.

image

In the Certificate Assignment Summary page. Click Next

image18

In the last page, wait for the completion of the process and click on Finish.

image21

If everything went well, we will have a result similar to the one shown in the figure below, where the certificate for the current server is properly installed.

image24

Managing the OAuthTokenIssuer certificate

This process must be done just once per environment, and we will be generating and assigning the certificate required for the server to server communication, and this type of certificate is stored globally and it is replicated as part of the Central Management Store (CMS) process.

In order to create the OAuthTokenIssuer certificate, let’s select it from the list, and then click Request.

image27

In the Certificate Request page. Fill out the missing fields, and hit Next.

image30

In the Certificate Request Summary page. Click Next.

image33

In the Executing Commands page. Click Next to complete the certificate request process.

image36

In the final page of the certificate request, click on Finish.

image42

Now in the Certificate Wizard, we will have both sections covered as shown in the image below. In the Location we can identify that the first steps of this article were for the Server (Local), and this previous section was towards to the OAuthTokenIssuer (Global). Click on Close.

image45

Now we are good to start our Skype for Business services and start using the product, and we will check those final steps in the Tutorial of this series.

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).