Update – May-26-2015: With the help of Yoav Barzilay, we’ve updated the script to include several new features:
- Support for retrieving certificates from EDGE servers
- Support for Skype for Business Server 2015 environments
- The script includes parameters which allow you to retrieve certificates from FE, EDGE and OWAS all together or one at a time
- Visual improvements
- Connectivity tests for servers in Pool
- A smarter environment filter that ignores environments with OCS 2007 R2
Download version 0.46 from Here
Update – August-8-2014: With the help of Anthony Caragol, I’ve updated the script to include two new features:
- The script queries every server within a pool and not just the pool itself
- The script uses PSRemoting, which allows it to run the Get-CsCertificate cmdlet and return only the certificates assigned to Lync, and not every certificate that exists on a server as the previous version did
Download version 0.3 from Here
I’ve been doing some troubleshooting lately for a customer who had some issues with expired certificates in his Lync environment, and who asked me how he can monitor or track the expiration of existing certificates in that environment.
There are great tools out there which help with tracking and monitoring certificates in any environment (not only for Lync); the ones I had a chance to work with are:
The problem is that the first tool can run against an internal CA only, which means it holds a lot of certificates and it does not include public certificates.
The cmdlet does an excellent job of providing the information we need, but it can only run against the local server, which might be an issue for an environment with multiple Lync servers and pools.
The third option is easy and very detailed, but it runs against external servers only.
That’s why we decided (Yoav Barzilay and I) to come up with the following script:
The script queries every Lync server in the environment that is a registrar, an EDGE or an OWAS, and writes the following information about every certificate that exists under the Local Machine store to an HTML report file:
- Friendly Name
- Subject Name
- Issue Date
- Expiration Date
- Expires In (Days)
The information is gathered by using the following PowerShell line, which creates a .NET X509Store object for the Local Machine "MY" store:
$Store = New-Object System.Security.Cryptography.X509Certificates.X509Store("MY","LocalMachine")
- The script pulls the information from every server by querying the Local Machine container and writes it to an HTML report file
- Certificates which are about to expire in the next 30 days will be colored in red
- The script can also be configured to send email, and can run as a scheduled task so that you are notified on a weekly/monthly basis.
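The collection and 30-day highlighting described above can be sketched as follows. This is an added example, not the script offered for download: the function names, parameters and report path are hypothetical, and it assumes the account running it is allowed to read the certificate store on each target server.

```powershell
# Added illustration; Get-CertExpiry and ConvertTo-CertReportHtml are hypothetical names.
function Get-CertExpiry {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$WarnDays = 30
    )
    foreach ($Computer in $ComputerName) {
        # "\\server\MY" addresses the Local Machine personal store of that server
        $Store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$Computer\MY", "LocalMachine")
        try {
            $Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
            foreach ($Cert in $Store.Certificates) {
                # Negative for certificates that have already expired, so they are flagged too
                $Days = [int][math]::Floor(($Cert.NotAfter - (Get-Date)).TotalDays)
                [pscustomobject]@{
                    Server         = $Computer
                    FriendlyName   = $Cert.FriendlyName
                    SubjectName    = $Cert.Subject
                    IssueDate      = $Cert.NotBefore
                    ExpirationDate = $Cert.NotAfter
                    ExpiresInDays  = $Days
                    Warn           = ($Days -le $WarnDays)
                }
            }
        }
        catch {
            # An unreachable server should not abort the whole report
            Write-Warning "Could not read certificate store on ${Computer}: $($_.Exception.Message)"
        }
        finally { $Store.Close() }
    }
}

function ConvertTo-CertReportHtml {
    param([Parameter(ValueFromPipeline = $true)]$Row)
    begin { $Rows = @() }
    process {
        $Style = if ($Row.Warn) { ' style="color:red"' } else { '' }
        $Cells = foreach ($Name in 'Server','FriendlyName','SubjectName','IssueDate','ExpirationDate','ExpiresInDays') {
            # Friendly and subject names are free text, so encode them before writing HTML
            '<td>' + [System.Net.WebUtility]::HtmlEncode([string]$Row.$Name) + '</td>'
        }
        $Rows += "<tr$Style>" + ($Cells -join '') + '</tr>'
    }
    end { "<html><body><table border='1'>" + ($Rows -join "`n") + '</table></body></html>' }
}

# Report on the local server only; pass -ComputerName to cover the servers of a pool
Get-CertExpiry | ConvertTo-CertReportHtml | Set-Content -Path .\CertReport.html
```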
The current caveats with the script (which hopefully will be solved in the next version):
- Does not pull EDGE server certificate information
- Does not have Lync certificate assignment awareness (does not know which certificate is currently assigned)