New-CsWebTrustedCACertificate
Creates a new certificate ID object based on an existing certification authority (CA) certificate. This cmdlet was introduced in Lync Server 2010.
Syntax
New-CsWebTrustedCACertificate
-Thumbprint <String>
-CAStore <CAStore>
[<CommonParameters>]
Description
Web Services configuration settings are used to help manage Skype for Business Server Web servers and Web Services.
Among the property values that can be managed using these settings is the TrustedCACerts property, which represents a collection of certification authorities trusted by Skype for Business Phone Edition.
Certificates obtained from trusted CAs allow these clients to enhance the security of connections with servers running Skype for Business Server.
To add a new CA to the collection of trusted certification authorities, you must add the certificate chain for that CA in the local computer's certificate store.
After you have verified that the certificate chain has been installed, you can then use the New-CsWebTrustedCACertificate cmdlet to create a certificate ID object that can be added to a collection of Web Services configuration settings.
Note that the certification authority that signs the default server certificate used when installing Skype for Business Server is automatically trusted and does not need to be added to the TrustedCACerts property of a collection of Web Services configuration settings. TrustedCACerts should only contain the identities of CAs that need to be trusted in addition to the CA that issued the default certificate. In most cases, the CA that issued the default certificate will be the only certification authority that needs to be trusted.
Examples
-------------------------- Example 1 ------------------------
$x = New-CsWebTrustedCACertificate -Thumbprint "D543DFF74FEEA425162FD25F342786F1AB453BB3" -CAStore TrustedRootCA
Set-CsWebServiceConfiguration -Identity site:Redmond -TrustedCACerts @{Add=$x}
The commands shown in Example 1 create a new trusted CA certificate and then add that certificate to the TrustedCACerts property of the Web Services configuration settings for the Redmond site.
To carry out this task, the first command in the example uses the New-CsWebTrustedCACertificate cmdlet to create a new trusted CA certificate; that certificate can be found in the Trusted Root certificate store and has the Thumbprint D543DFF74FEEA425162FD25F342786F1AB453BB3.
The resulting certificate object is stored in a variable named $x.
After the certificate object has been created, the second command in the example adds that certificate to the TrustedCACerts property.
To do this, the command uses the Set-CsWebServiceConfiguration cmdlet and the TrustedCACerts parameter.
The parameter value @{Add=$x} tells the cmdlet to add the certificate stored in the variable $x to the collection of trusted CA certificates.
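The Description asks you to verify that the CA certificate is installed in the local computer's certificate store before you create the certificate ID object. The following is an added example of that check, not part of the original documentation; the function name Test-CACertificateForTrust and the mapping from CAStore values to Cert:\LocalMachine store paths are assumptions.

```powershell
# Assumption: each CAStore value corresponds to this LocalMachine store (not stated on this page).
$storePaths = @{
    TrustedRootCA    = 'Cert:\LocalMachine\Root'
    IntermediateCA   = 'Cert:\LocalMachine\CA'
    ThirdPartyRootCA = 'Cert:\LocalMachine\AuthRoot'
}

function Test-CACertificateForTrust {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        [Parameter(Mandatory = $true)] [ValidateSet('TrustedRootCA', 'IntermediateCA', 'ThirdPartyRootCA')] [string] $CAStore
    )
    # Thumbprints pasted from the certificate dialog often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Thumbprint is not 40 hex characters: '$Thumbprint'" }

    $path = $storePaths[$CAStore]
    $cert = Get-ChildItem -Path $path | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "No certificate with thumbprint $clean found in $path" }

    # A certificate added to a trusted CA list should itself be a CA (Basic Constraints, CA = true).
    $bc = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if ($bc -and -not $bc.CertificateAuthority) { throw "Certificate $clean is an end-entity certificate, not a CA" }
    elseif (-not $bc) { Write-Warning "Certificate $clean has no Basic Constraints extension; review it manually" }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw "Certificate $clean is outside its validity period" }

    $cert   # return the validated certificate object
}

# Validate first, review what is about to be trusted, then repeat Example 1 with the checked thumbprint.
$checked = Test-CACertificateForTrust -Thumbprint 'D543DFF74FEEA425162FD25F342786F1AB453BB3' -CAStore TrustedRootCA
$checked | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
$x = New-CsWebTrustedCACertificate -Thumbprint $checked.Thumbprint -CAStore TrustedRootCA
Set-CsWebServiceConfiguration -Identity site:Redmond -TrustedCACerts @{Add=$x}
# Audit the resulting trust list so unexpected entries are noticed.
(Get-CsWebServiceConfiguration -Identity site:Redmond).TrustedCACerts
```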
Parameters
-CAStore
Indicates the name of the certificate store (on the local computer) where the certificate is stored. Valid values are:
TrustedRootCA
IntermediateCA
ThirdPartyRootCA
Type: CAStore
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019
-Thumbprint
Thumbprint of the certificate which should be trusted by Lync Phone Edition. You can retrieve certificate issuer and thumbprint values by running this command:
Get-CsCertificate | Select-Object Issuer, Thumbprint
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019
Inputs
None.
The New-CsWebTrustedCACertificate cmdlet does not accept pipelined input.
Outputs
The New-CsWebTrustedCACertificate cmdlet creates new instances of the Microsoft.Rtc.Management.WritableConfig.Settings.Web.CACertID object.