
#Skype4B – Edge Pool Deployment Part IV


The Skype for Business Server Edge Pool deployment is covered in four parts that walk through the end-to-end process. See Part I, Part II, Part III and Part IV for the step-by-step process.

Part IV of the Skype for Business Server Edge Pool deployment focuses on certificates. Once you are done with the Edge server installation, you can request a certificate. An Edge server needs two different types of certificates: one internal and one external. For the internal certificate you can use your internal CA, while for the external certificate you generate the request and send it to your external CA to get the public certificate. Follow the step-by-step process to request and assign the certificates:

Select “Edge internal” and click on “Request”

Select offline certificate request and click on Next

Browse to location where you want to store the certificate request

Click on Next

Enter friendly name and select “Mark the certificate’s private key as exportable”

Fill the Organization Information

Fill the Geographical Information

Click on Next

Add the FQDNs of all the Edge servers that are going to be part of this pool

Review the summary and click on Next

Once completed successfully, click on Next

Click on finish to generate the CSR

Now that you have generated the CSR for the internal certificate, copy the *.req file and go to the internal CA to request the internal certificate.

Access your ADCS through web and click on “Request a certificate”

Select “advanced certificate request”

Select “Submit a certificate request …… PKCS#7 file”

Copy and paste the *.req file content here and select “Web Server” as a certificate template

Select “Base 64 encoded” and download both the files

Install the root certificate on your Edge server; you may use “Download certificate chain” to install the root certificate.

Install only the root certificate from the “certificate chain” and store it in “Local Computer” under “Trusted Root Certification Authorities”

If you don’t install the root certificate, you can face the error below while assigning the certificate

Once done with root certificate installation, go to the Certificate Wizard and click on “Import Certificate”

Select the *.cer file and click on next

Click on Next to import the certificate

Once completed click on finish

Now, select “Edge internal” and click on “Assign”

Click on Next

Select Certificate and click on Next

Review the summary and click on Next

Once completed click on Finish.

Once Certificate is assigned to “Edge internal”, you can select the “External Edge certificate…” and click on “Request”

Select “offline certificate request” and click on Next

Browse to location to save the certificate request file

Click on Next

Enter “Friendly name” and make sure “Mark the certificate’s private key as exportable” is selected

Enter your Organization Information

Enter Geographical Information

Click on Next

Select SIP domains and click on Next

Enter alternative SANs if you have any (for example, if you want to use the same certificate for the reverse proxy as well, add the same names, such as lyncdiscover.domain.com, meet.domain.com, externalwebservices.domain.com etc.)

Once certificate request has been completed successfully, click on Next

Click on Finish to generate the CSR

Send the *.req file to your public CA vendor and get the certificate. Once you receive the certificate, import and assign it.

Once certificate part is done, start the Edge server services

Open Skype for Business Server Management Shell and run “Start-CsWindowsService”

Enjoy your Edge services :)

Make sure you have public DNS records in place for external users.
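A check to run on the Edge server before starting the services, as an added example that is not part of the original post: it confirms that an imported certificate has its private key, chains to a root in the Local Computer store (the root installation step above), and lists every expected name in its SANs. The function name, friendly name and FQDNs are hypothetical placeholders.

```powershell
# Added example, not from the original post. Names below are hypothetical placeholders.
function Test-EdgeCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string[]]$ExpectedNames
    )

    # Read the Subject Alternative Name extension (OID 2.5.29.17).
    # Format($true) prints one "DNS Name=..." entry per line on English-language Windows.
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = @()
    if ($sanExt) {
        $sans = @([regex]::Matches($sanExt.Format($true), 'DNS Name=([^\s,]+)') |
            ForEach-Object { $_.Groups[1].Value.ToLower() })
    }

    # Exact-match comparison; wildcard SAN entries are not expanded here.
    $missing = @($ExpectedNames | Where-Object { $sans -notcontains $_.ToLower() })

    # Build the chain against the Local Computer stores, where the root CA was installed.
    # Revocation checking is skipped so the check also works without CRL access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        HasPrivateKey = $Certificate.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        MissingNames  = $missing -join ', '
    }
}

# Hypothetical values: use the friendly name and Edge server FQDNs entered in the wizard.
$expected = 'edge01.contoso.local', 'edge02.contoso.local'
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'Edge Internal (example)' } |
    ForEach-Object { Test-EdgeCertificate -Certificate $_ -ExpectedNames $expected }
```

A certificate is ready to assign when `HasPrivateKey` and `ChainTrusted` are both `True` and `MissingNames` is empty; an untrusted root shows up in `ChainStatus`.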
