Topic Last Modified: 2013-03-07

Enables you to assign a certificate to a Lync Server server or server role. This cmdlet was introduced in Lync Server 2010.

Syntax

Set-CsCertificate -Reference <CertificateReference> -Type <CertType[]> [-Identity <XdsIdentity>] <COMMON PARAMETERS>
Set-CsCertificate -Identity <XdsIdentity> -Path <String> -Type <CertType[]> [-Password <String>] <COMMON PARAMETERS>
Set-CsCertificate -Thumbprint <String> -Type <CertType[]> [-Identity <XdsIdentity>] <COMMON PARAMETERS>
COMMON PARAMETERS: [-Confirm [<SwitchParameter>]] [-EffectiveDate <DateTime>] [-Force <SwitchParameter>] [-Report <String>] [-Roll <SwitchParameter>] [-WhatIf [<SwitchParameter>]]

Examples

EXAMPLE 1

The command shown in Example 1 assigns the certificate with the Thumbprint B142918E463981A76503828BB1278391B716280987B to the WebServicesExternal role on the local computer.

Copy Code
Set-CsCertificate -Type WebServicesExternal -Thumbprint "B142918E463981A76503828BB1278391B716280987B"

EXAMPLE 2

Example 2 assigns the assigns the certificate with the Thumbprint B142918E463981A76503828BB1278391B716280987B to three different roles on the local computer: Default, WebServicesInternal, and WebServicesExternal.

Copy Code
Set-CsCertificate -Type Default, WebServicesInternal, WebServicesExternal -Thumbprint "B142918E463981A76503828BB1278391B716280987B"

Detailed Description

Lync Server uses certificates as a way for servers and server roles to verify their identities; for example, an Edge Server uses certificates to verify that the computer it is communicating with really is a Front End Server and vice versa. In order to fully implement Lync Server, you will need to have the appropriate certificates assigned to the appropriate server roles.

The Set-CsCertificate cmdlet enables administrators to assign a certificate to a server or server role. Note that you can only assign certificates that have already been configured for use with Lync Server. To identify certificates available for assignment, use the Get-CsCertificate cmdlet.

Who can run this cmdlet: You must be a local administrator in order to run the Set-CsCertificate cmdlet locally. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Set-CsCertificate"}

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Rtc.Management.Xds.XdsIdentity

When set to Global, enables the certificate to function at the global scope. Global certificates will automatically be copied and distributed to the appropriate computers.

Path

Required

System.String

Full path to the .PFX certificate file.

Reference

Required

Microsoft.Rtc.Management.Deployment.CertificateReference

Object reference to a certificate configured for use with Lync Server. The following command returns an object reference (the variable $x) representing a certificate with the thumbprint B142918E463981A76503828BB1278391B716280987B:

$x = Get-CsCertificate | Where-Object {$_.Thumbprint –eq "B142918E463981A76503828BB1278391B716280987B".

Thumbprint

Required

System.String

Unique identifier for the certificate. A certificate thumbprint looks similar to this: B142918E463981A76503828BB1278391B716280987B.

Type

Required

Microsoft.Rtc.Management.Deployment.CertType[]

Type of certificate being assigned. Certificate types include, but are not limited to, the following:

AccessEdgeExternal

AudioVideoAuthentication

DataEdgeExternal

Default

External

Internal

iPhoneAPNService

iPadAPNService

MPNService

PICWebService (Microsoft Lync Online 2010 only)

ProvisionService (Microsoft Lync Online 2010 only)

WebServicesExternal

WebServicesInternal

WsFedTokenTransfer

For example, this syntax assigns the Default certificate: -Type Default.

You can specify multiple types in a single command by separating the certificate types with commas:

-Type Internal,External,Default

Confirm

Optional

System.Management.Automation.SwitchParameter

Prompts you for confirmation before executing the command.

EffectiveDate

Optional

System.DateTime

Date and time when the certificate can first be used. For example, to configure a certificate for first use at 8:00 AM on July 31, 2012 use this syntax on a server running under the US English Region and Language settings:

-EffectiveTime "7/31/2012 8:00 AM"

Force

Optional

System.Management.Automation.SwitchParameter

Suppresses the display of any non-fatal error message that might arise when running the command.

Password

Optional

System.String

Password for the certificate.

Report

Optional

System.String

Enables you to record detailed information about the procedures carried out by the Set-CsCertificate cmdlet. The parameter value should be the full path to the HTML file to be generated; for example: -Report C:\Logs\Certificates.html. If the specified file already exists it will automatically be overwritten with the new information.

Roll

Optional

System.Management.Automation.SwitchParameter

Enables you to update the specified certificate at the date and time specified by the EffectiveDate parameter; this enables you to specify a date and time when the new certificate will become the primary certificate. Note that your command will fail if you specify the Roll parameter without including the EffectiveDate parameter.

WhatIf

Optional

System.Management.Automation.SwitchParameter

Describes what would happen if you executed the command without actually executing the command.

Input Types

Microsoft.Rtc.Management.Deployment.CertificateReference.

Return Types

The Set-CsCertificate cmdlet does not return any values or objects.

See Also