It’s that time of the year again. You are either reading a renewal notice email from your SSL certificate provider or you are less fortunate and are looking at a failed connection message in your Lync client.

Before you can get your new certificate you will need to generate a new Certificate signing request (CSR).

          1. Inside your Lync environment, click on Start -> All Programs -> Microsoft Lync Server 2010 -> Lync Server Deployment Wizard.

          2.Click on Install or Update Lync Server System

       3. Under Step 3, click on Run Again

         4. Select the certificate you would like to renew and click on Request

         5. Click Next

         6. Select Prepare the request now, but send it later (offline certificate request), and click Next

           7. Select where you want the request to be saved and click Next

           8. Click Next in the Certificate Template window

           9. Specify a name you want to use for identifying this certificate

          10. Enter the organization and organization unit name, as well as geographical location on the next window.

          11. Next window will list Subject Names what will be included in the certificate, click Next.

          12. If you are requesting a certificate for an Edge server,you will be able to select your SIP domain, click Next. 

          13. In this window, you will have to enter all of the Subject Alternate Names used in your Lync environment. For example lync.domain.com, edge.domain.com, dialin.domain.com, meet. domain.com etc.

        14. Verify your information and click next.

        15. Click Next to generate the request then click Finish.

        16. Now that you have your CSR request file, send it over to your SSL provider. When you get your new certificate files, right click on each one and select Install Certificate.

       17. Go back to your Lync Certificate wizard and click on Assign. Look for the friendly name you created in step 9, and select it. Click next until your certificate is assigned.

      18. Restart Lync services and they should start right up. Check for any error logs in the Event Viewer.

If you plan on using the same certificate on your other Lync servers, you will have to use the Microsoft Management Console Certificate Snap-in to export and import the certificate to other servers. Now repeat from step 16.