One Liner: Add Trusted Root Cert Authorities to Edge Servers
Chris Hayward (@WeakestLync) wrote a great blog post with a neat & easy way to add trusted root certificates for your edge servers. Of course, everything in Lync and Skype for Business uses certificates, so ensuring you have all of the certificates is crucial for federation with other organizations.
Once I saw Chris’s method, I, of course, thought that PowerShell could do this as well. Voila, a one-liner to do it. This example uses the same list from Chris’s blog post, and suppresses the output so you can use it in your provisioning scripts.
'https://comodo.com', 'https://digicert.com', 'https://www.entrust.net', 'https://geotrust.com', 'https://www.globalsign.com', 'https://godaddy.com', 'https://www.symantec.com', 'https://thawte.com', 'https://wisekey.com' | ForEach-Object {$null = Invoke-WebRequest -Uri $_}
This method essentially just cycles through each item in the array, and does a web request for each. As each web request is completed, any new certificates are automatically added to the trusted root cert store. Usually, some of these already exist, so don’t be surprised if the total certificate count doesn’t increase by the same number of items in the array.
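An expanded form of the one-liner, as an added example that is not from the original post or from Chris's: it records which requests failed and lists the certificates that appeared in the store afterwards, so a provisioning run leaves a record of what changed in the trust store. The function and variable names are hypothetical, and reading both Cert:\LocalMachine\Root and Cert:\LocalMachine\AuthRoot is an assumption about where new roots land.

```powershell
# Added example: audit which root certificates appear after the web requests.
# The URL list is the one used in the post; all names below are hypothetical.
$urls = 'https://comodo.com', 'https://digicert.com', 'https://www.entrust.net',
        'https://geotrust.com', 'https://www.globalsign.com', 'https://godaddy.com',
        'https://www.symantec.com', 'https://thawte.com', 'https://wisekey.com'

function Get-RootSnapshot {
    # Assumption: new roots land in Root or AuthRoot (third-party roots).
    # Both are read and duplicates are collapsed by thumbprint.
    @(Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\LocalMachine\AuthRoot |
        Sort-Object -Property Thumbprint -Unique)
}

$before = Get-RootSnapshot

$results = foreach ($url in $urls) {
    try {
        # -ErrorAction Stop turns a failed request into a catchable error.
        $null = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 30 -ErrorAction Stop
        [pscustomobject]@{ Url = $url; Succeeded = $true; Error = $null }
    }
    catch {
        # An SSL or redirect failure is recorded instead of aborting the run.
        [pscustomobject]@{ Url = $url; Succeeded = $false; Error = $_.Exception.Message }
    }
}

$after = Get-RootSnapshot

# Certificates present now that were not present before the requests.
$added = @($after | Where-Object { $before.Thumbprint -notcontains $_.Thumbprint })

$results | Format-Table -AutoSize -Wrap
'Root certificates before: {0}, after: {1}, added: {2}' -f $before.Count, $after.Count, $added.Count
$added | Select-Object -Property Subject, Thumbprint, NotAfter | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the edge server; the final table is the list to review before the change is accepted.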
Hi, what name should be on the added root certificate after I browse symantec.com? When I check the root certificates I can't see the name. The reason I ask is that I have alarm 14603 even after I add the domains to federated. The common issue to the alarm is that every external federation domain uses a Symantec certificate. //BR Daniel
Pat – for symantec.com I had to add www to the URL, otherwise it throws an SSL error – seems like something is wrong on their end with the redirect from symantec.com to http://www.symantec.com
I don’t run into Comodo much, but the line item for it fails. I’ve tried other combinations of names to find a working one without success; maybe someone else will have some luck in finding a working one.
@Korbyn
Yeah, I noticed that a couple of days ago. It’s an issue on the Comodo side. I’m testing a new version that also adds a couple more public CAs. Look for it soon.
@Pat Richard
Any luck?