Install the Active Directory Certificate Services role and make sure you can access the certificate server at

http://server-name/certsrv. I enabled HTTPS access for the certificate server so I can access it through https instead of http.

Click Request a certificate

Select Submit an advanced certificate request

Copy the contents of the file you generated with the certificate enrollment wizard into the text box and select the Web Server template

Click Submit and click Download certificate.

On the Lync Server, import the certificate into the Personal store using the Certificates MMC snap-in.


You can see the imported certificate; if you scroll to the right, you can identify it by its expiration date. The other one is the self-generated certificate created by Lync Server during installation.

Now you have to export the certificate with its private key and then import it into IIS. You can't import the certificate directly into IIS; if you do, the private key will not be imported.

You can see the certificate that has been exported with the private key.

Now we will import it into IIS. Open IIS, then open Server Certificates and do the import.


Right-click and select Import, browse to the certificate, enter the password that you used during the export, then click OK to import.

Once done, use Get-CsCertificate to get the thumbprint of the currently assigned certificate. Open the Lync Server Management Shell and run the command as below.

Find the new certificate thumbprint


Use the Set-CsCertificate command with the thumbprint of the new certificate to assign the certificate

Set-CsCertificate -Type Default,WebServicesInternal,WebServicesExternal -Thumbprint 87c591ae1f6fddfcc07bcb91a1712e5662effe03

*** Note: if you copy and paste from Notepad, you will have to delete the ? in front of the thumbprint, otherwise you will get an error.

Now run Get-CsCertificate and check the new thumbprint, which should match the new certificate. All done with certificate assignment for Lync Server 2010.
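
An added example, not part of the original post: it strips the stray character mentioned in the note from a pasted thumbprint, checks that the certificate is in the computer's Personal store with its private key, then assigns and verifies it. The function name Resolve-PastedThumbprint and the variable names are illustrative, and the leading U+200E in the sample value is constructed to mimic the paste problem.

```powershell
# Added example; Resolve-PastedThumbprint is an illustrative name, not a Lync cmdlet.
function Resolve-PastedThumbprint {
    param([Parameter(Mandatory = $true)][string]$Pasted)

    # Drop everything that is not a hex digit: spaces, a literal "?", and
    # invisible characters (e.g. U+200E) that can ride along with a paste.
    $clean = ($Pasted -replace '[^0-9A-Fa-f]', '').ToUpper()

    # A SHA-1 thumbprint is exactly 40 hex digits.
    if ($clean -notmatch '^[0-9A-F]{40}$') {
        throw "Not a valid thumbprint after cleanup: '$clean'"
    }
    return $clean
}

# Thumbprint from the walkthrough, prefixed with a constructed invisible character.
$pasted = "$([char]0x200E)87c591ae1f6fddfcc07bcb91a1712e5662effe03"
$thumb  = Resolve-PastedThumbprint $pasted

# The certificate must be in LocalMachine\My (Personal) together with its private key.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert)                    { throw "Certificate $thumb not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey)      { throw "Certificate $thumb has no private key" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb expired on $($cert.NotAfter)" }

# Assign it (run in the Lync Server Management Shell), then confirm the assignment.
Set-CsCertificate -Type Default,WebServicesInternal,WebServicesExternal -Thumbprint $thumb
Get-CsCertificate | Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object Use, Thumbprint
```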

Any comments welcome.