Topic Last Modified: 2013-03-06

Imports a certificate for use with Lync Server. If a certificate is not acquired by using the Request-CsCertificate cmdlet, then that certificate must be imported before it can be assigned to a Lync Server server role. This cmdlet was introduced in Lync Server 2010.

Syntax

Import-CsCertificate -Identity <XdsIdentity> -Type <CertType[]> <COMMON PARAMETERS>
Import-CsCertificate [-PrivateKeyExportable <$true | $false>] <COMMON PARAMETERS>
COMMON PARAMETERS: -Path <String> [-Confirm [<SwitchParameter>]] [-EffectiveDate <DateTime>] [-Force <SwitchParameter>] [-Password <String>] [-Report <String>] [-Roll <SwitchParameter>] [-WhatIf [<SwitchParameter>]]

Examples

EXAMPLE 1

The command shown in Example 1 imports the certificate C:\Certificates\WebServer.pfx. After the command completes, the certificate will be available to be assigned to a server role.

Copy Code
Import-CsCertificate -Path "C:\Certificates\WebServer.pfx" -PrivateKeyExportable $True

Detailed Description

Lync Server uses certificates as a way for servers and server roles to verify their identities; for example, an Edge Server uses certificates to verify that the computer it is communicating with really is a Front End Server and vice versa. In order to fully implement Lync Server you will need to have the appropriate certificates assigned to the appropriate server roles.

In order for certificates to be assigned to a Lync Server role those certificates must be made known to Lync Server. The Request-CsCertificate cmdlet enables you to make both online and offline requests for new certificates. If an online request is made, the certificate will automatically be downloaded and saved in the local certificate store; equally important, it will be immediately available for use by Lync Server. If an offline request is made, a certificate file will be sent to you. At that point, you can use the Import-CsCertificate cmdlet to import the certificate, a process that makes the certificate available for assignment to a Lync Server server role.

Who can run this cmdlet: You must be a local administrator in order to run the Import-CsCertificate cmdlet locally. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Import-CsCertificate"}

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Rtc.Management.Xds.XdsIdentity

When set to Global, enables the certificate to function at the global scope. Global certificates will automatically be copied and distributed to the appropriate computers.

Path

Required

System.String

Full path to the certificate file to be imported. For example: –Path "C:\Certificates\WebServer.cer".

Type

Required

Microsoft.Rtc.Management.Deployment.CertType[]

Type of certificate being requested. Certificate types include, but are not limited to, the following:

* AccessEdgeExternal

* AudioVideoAuthentication

* DataEdgeExternal

* Default

* External

* Internal

* iPadAPNService

* iPhoneAPNService

* LogRetentionService

* MPNService

* OAuthTokenIssuer

* PICWebService

* ProvisionService

* SMPDNSWebService

* TenantAdmin

* UpgradeEngineService

* WebServicesExternal

* WebServicesInternal

* WsFedTokenTransfer

* XMPPServer

Confirm

Optional

System.Management.Automation.SwitchParameter

Prompts you for confirmation before executing the command.

EffectiveDate

Optional

System.DateTime

Date and time when the certificate can first be used. For example, to configure a certificate for first use at 8:00 AM on July 31, 2012 use this syntax on a server running under the US English Region and Language settings:

-EffectiveTime "7/31/2012 8:00 AM"

Force

Optional

System.Management.Automation.SwitchParameter

Suppresses the display of any non-fatal error message that might occur when running the command.

Password

Optional

System.String

Password associated with the certificate file.

PrivateKeyExportable

Optional

System.Boolean

When set to True, ensures that the private key portion of the certificate can be read by the Network Service account.

Report

Optional

System.String

Enables you to specify a file path for the log file created when the cmdlet runs. For example: -Report "C:\Logs\Certificates.html"

Roll

Optional

System.Management.Automation.SwitchParameter

Enables you to update the specified certificate at the date and time specified by the EffectiveDate parameter; this enables you to specify a date and time when the new certificate will become the primary certificate. Note that your command will fail if you specify the Roll parameter without including the EffectiveDate parameter.

WhatIf

Optional

System.Management.Automation.SwitchParameter

Describes what would happen if you executed the command without actually executing the command.

Input Types

None. The Import-CsCertificate cmdlet does not accept pipelined input.

Return Types

None.

See Also