

Summary: Assign a server-to-server authentication certificate for Skype for Business Server.

To determine whether a server-to-server authentication certificate has already been assigned to Skype for Business Server, run the following command from the Skype for Business Server Management Shell:

    Get-CsCertificate -Type OAuthTokenIssuer

If no certificate information is returned, you must assign a token issuer certificate before you can use server-to-server authentication. As a general rule, any Skype for Business Server certificate can be used as your OAuthTokenIssuer certificate; for example, your Skype for Business Server default certificate can also be used as the OAuthTokenIssuer certificate. (The OAuthTokenIssuer certificate can also be any Web server certificate that includes the name of your SIP domain in the Subject field.)

The two primary requirements for the certificate used for server-to-server authentication are these: 1) the same certificate must be configured as the OAuthTokenIssuer certificate on all of your Front End Servers, and 2) the certificate must be at least 2048 bits.

If you do not have a certificate that can be used for server-to-server authentication, you can obtain a new certificate, import the new certificate, and then use that certificate for server-to-server authentication. After you have requested and obtained the new certificate, you can log on to any one of your Front End Servers and use a Windows PowerShell command similar to this one to import and assign that certificate:

    Import-CsCertificate -Identity global -Type OAuthTokenIssuer -Path C:\Certificates\ServerToServerAuth.pfx -Password "<PFX password>"

In the preceding command, the Path parameter represents the full path to the certificate file, and the Password parameter represents the password that was assigned to the certificate (shown here as a placeholder).
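The following is an added example, not part of the original page or of Microsoft's documentation: a check of a candidate PFX against the two requirements stated above before it is imported, followed by a comparison with the certificate currently assigned. The function name `Test-OAuthTokenIssuerCandidate`, the SIP domain `contoso.example`, and the private-key and validity-date checks are assumptions made for illustration.

```powershell
# Added example (not from the original page). $PfxPath and $SipDomain are assumptions.
$PfxPath   = 'C:\Certificates\ServerToServerAuth.pfx'
$SipDomain = 'contoso.example'   # hypothetical SIP domain; use your own

function Test-OAuthTokenIssuerCandidate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string]$SipDomain
    )
    $problems = @()
    # Page requirement: the certificate must be at least 2048 bits (RSA key assumed).
    $keySize = $Certificate.PublicKey.Key.KeySize
    if ($keySize -lt 2048) {
        $problems += "Key size is $keySize bits; at least 2048 is required."
    }
    # Page condition for a Web server certificate: SIP domain in the Subject field.
    if ($Certificate.Subject -notlike "*$SipDomain*") {
        $problems += "Subject '$($Certificate.Subject)' does not include '$SipDomain'."
    }
    # Extra sanity checks, not stated on the page: private key present, certificate in date.
    if (-not $Certificate.HasPrivateKey) {
        $problems += 'The PFX does not contain a private key.'
    }
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += "Certificate is outside its validity period ($($Certificate.NotBefore) to $($Certificate.NotAfter))."
    }
    return $problems
}

# Prompt for the PFX password so it is not left in the script or in command history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$candidate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $pfxPassword)

$problems = @(Test-OAuthTokenIssuerCandidate -Certificate $candidate -SipDomain $SipDomain)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Candidate passes. Thumbprint: $($candidate.Thumbprint)"
}

# Compare with what is currently assigned; run this on every Front End Server,
# because the same certificate must be the OAuthTokenIssuer on all of them.
$assigned = Get-CsCertificate -Type OAuthTokenIssuer
if ($assigned -and $assigned.Thumbprint -ne $candidate.Thumbprint) {
    Write-Warning "Assigned thumbprint $($assigned.Thumbprint) differs from the candidate."
}
```

A Skype for Business Server certificate that is not a Web server certificate may legitimately fail the Subject check; treat that warning as informational in that case.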
