Topic Last Modified: 2010-12-06

Returns information about certificates on the local computers that have been configured for use with Microsoft Lync Server 2010.

Syntax

Get-CsCertificate [-NetportId <String>] [-Report <String>] [-Type <CertType[]>]

Parameters

Parameter Required Type Description

Type

Optional

String

Type of certificate being requested. Certificate types include, but are not limited to, the following:

AccessEdgeExternal

AudioVideoAuthentication

DataEdgeExternal

Default

External

Internal

PICWebService (Microsoft Lync Online 2010 only)

ProvisionService (Microsoft Lync Online 2010 only)

WebServicesExternal

WebServicesInternal

WsFedTokenTransfer

For example, this syntax returns information about the Default certificate: -Type Default.

You can specify multiple types in a single command by separating the certificate types with commas:

-Type Internal,External,Default

NetportId

Optional

String

Reserved for future use. This parameter is for certificates dedicated to a specific port, a scenario not yet supported by Lync Server.

Report

Optional

String

Enables you to record detailed information about the procedures carried out by Get-CsCertificate. The parameter value should be the full path to the HTML file that will be generated; for example: -Report C:\Logs\Certificates.html. If the specified file already exists, it will automatically be overwritten with the new information.

Detailed Description

Lync Server 2010 uses certificates as a way for servers and server roles to verify their identities; for example, an Edge Server uses certificates to verify that the computer it is communicating with really is a Front End Server, and vice versa. In order to fully implement Lync Server you will need to have the appropriate certificates assigned to the appropriate server roles.

The Get-CsCertificate cmdlet provides a way for you to retrieve detailed information about the certificates that have been configured for use with Lync Server. Note that the cmdlet only returns information about Lync Server certificates. If a certificate has not been configured for use with Lync Server (by using the Set-CsCertificate cmdlet) then that certificate will not be returned when you run Get-CsCertificate.

Who can run this cmdlet: By default, members of the following groups are authorized to run the Get-CsCertificate cmdlet locally: RTCUniversalServerAdmins.

Input Types

None. Get-CsCertificate does not accept pipelined input.

Return Types

Get-CsCertificate returns instances of the Microsoft.Rtc.Management.Deployment.CertificateReference object.

Example

-------------------------- Example 1 ------------------------

Copy Code
Get-CsCertificate

The command shown in Example 1 returns information about the certificates currently assigned to Lync Server components. This is done by calling Get-CsCertificate without any additional parameters.

-------------------------- Example 2 ------------------------

Copy Code
Get-CsCertificate -Type WebServicesInternal

Example 2 retrieves all the Lync Server certificates used for internal Web services. To do this, the Type parameter is included, along with the parameter value WebServicesInternal.

-------------------------- Example 3 ------------------------

Copy Code
Get-CsCertificate | Where-Object {$_.NotAfter -lt "9/1/2011"}

The preceding command returns all the Lync Server certificates that expire before September 1, 2011. To carry out this task, the command first uses Get-CsCertificate to return a collection of all the Lync Server certificates currently in use. This collection is then piped to the Where-Object cmdlet, which selects only those certificates that expire before September 1, 2011. The date specified in this example (9/1/2011) uses the U.S. English format for date-time values. Dates should be specified using a format compatible with your Regional and Language Options.

-------------------------- Example 4 ------------------------

Copy Code
Get-CsCertificate | Where-Object {$_.Issuer -eq "Cn=MyCa"}

Example 4 returns information about all the Lync Server certificates issued by the certification authority (CA) MyCa. To do this, the command first calls Get-CsCertificate without any parameters in order to return a collection of all the certificates currently in use. This collection is then piped to Where-Object, which picks out all the certificates where the Issuer property is equal to (-eq) "Cn=MyCa".

-------------------------- Example 5 ------------------------

Copy Code
Get-CsCertificate | Where-Object {$_.Subject -eq "CN=atl-cs-001.litwareinc.com"}

The command shown in Example 5 returns all the Lync Server certificates where the Subject property has been set to CN=atl-cs-001.litwareinc.com. This is done by using Get-CsCertificate to return a collection of all the Lync Server certificates, then piping that collection to the Where-Object cmdlet. In turn, Where-Object selects only those certificates where the Subject property is equal to "CN=atl-cs-001.litwareinc.com".

See Also