Skype for Business and Lync Servers certificate report

This is a cross-post with Guy Bachar’s blog about a script we wrote back in August 2014, which has since gone through some technical (mostly Guy) and cosmetic (mostly yours truly) updates.


This script generates an HTML report of all Skype for Business / Lync servers’ certificates, and you can even use it to send periodic emails.

As the new script supports contacting your Edge servers, there are some prereqs involved:

1. Enable Trusted Hosts on the Front-End server you’re running the script from:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

2. Enable HTTP Compatibility Listener on all Edge servers:

Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value True
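
A TrustedHosts value of "*" makes the WinRM client trust every remote host without mutual authentication, not only the Edge servers. The following added example (not part of the original script) lists only the Edge servers for the duration of the run and then restores the previous value. The Edge FQDNs and the script path are placeholders, and it assumes the report script connects to the Edge servers by those names.

```powershell
# Added example, not part of the original script.
# Assumptions: the Edge FQDNs and the script path below are placeholders, and the
# report script connects to the Edge servers by exactly these names.
$EdgeServers  = @('edge01.contoso.example', 'edge02.contoso.example')
$ReportScript = '.\<certificate-report-script>.ps1'

$trustedHostsPath = 'WSMan:\localhost\Client\TrustedHosts'

# Remember the current value so it can be restored afterwards.
$previous = [string](Get-Item -Path $trustedHostsPath).Value

# Split the existing comma-separated list and drop empty entries.
$existing = @($previous -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

if ($existing -contains '*') {
    Write-Warning 'TrustedHosts is already "*"; every remote host is trusted. Consider narrowing it.'
}

# Add only the Edge servers, keeping whatever was already listed.
$scoped = @($existing + $EdgeServers | Sort-Object -Unique) -join ','

try {
    Set-Item -Path $trustedHostsPath -Value $scoped -Force
    Write-Host "TrustedHosts for this run: $scoped"

    # -EdgeCertificates is the switch described in this post.
    & $ReportScript -EdgeCertificates
}
finally {
    # Put the client back the way it was, even if the report fails.
    Set-Item -Path $trustedHostsPath -Value $previous -Force
    Write-Host "TrustedHosts restored to: '$previous'"
}
```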

The script is pretty straightforward: all you have to do is run it from a local folder on your FE server with elevated permissions.
However, this will only give you the FE’s certificates.
Guy was smart enough to create the following additions:

-EdgeCertificates and -OWASCertificates

You can run either or both, and they will give you information about your Office Web Apps Servers’ certificates (-OWASCertificates) and your Edge Servers’ certificates (-EdgeCertificates).
When using the -EdgeCertificates option, you’ll be prompted to enter your Edge Server’s credentials.


Visit Guy’s post for further information.

The script can be downloaded here, and we’d love to hear your feedback.

5 thoughts on “Skype for Business and Lync Servers certificate report”

  1. Would it be impossible to include at least some rudimentary info about the certificates of TLS-based PSTN gateways?

    1. It’s on our to-do list, we’re looking for a way to pull certificate information based on a given port, but I’m not sure how easy it’s gonna be 🙂

  2. I just ran this script with the -OWASCertificates switch; unfortunately we have a 4 server WAC Farm with the CN of the cert as a hostname resolving to the F5 in front of the WAC servers. I’m guessing that the OWAS switch uses the CN and assumes it’s the FQDN of the WAC server.

    1. Hey David,
      The script is based on the Lync/SfB topology and unfortunately the topology does not include the actual OWAS server if those are behind an HLB.
      So what the script does is just pinging and trying to connect to the HLB IP which then just load balances between one of the servers in the pool and retrieving the certificate information from

      We are currently looking for another solution, maybe once we’ll be able to get to one of the OWAS servers we’ll run some other commands to get the list of all servers in the OWAS pool first.

      But that’s great feedback, thank you!
