A consultant setup our Lync 2013 server about a year ago and that includes the following servers.
An internal Lync front end server - lync.domain.com
An external Lync edge server in the DMZ - lyncedge.domain.com
Office Web Apps in the DMZ for sharing office documents in Lync online meetings - webapps.domain.com
An IIS AAR Reverse Proxy in the DMZ and in the Intermediate DMZ. This is the actual endpoint if your off our network, all the appropriate IP's come into this guy, which does the job of directing you to the proper resources internally.
We have recieved an email from GoDaddy that states the following:
As we mentioned earlier, we recently switched from using SHA-1 certificates to the more secure SHA-2 algorithm for new certificates.
Google Chrome is a very popular internet browser. Starting in November, they'll begin displaying errors on the padlock icon for any website using SHA-1 SSL certificates.
It appears the following SSL certificate(s) are still using the SHA-1 algorithm. Please re-key them now to update to SHA-2 and avoid problems in November.
Please re-key your certificate(s) today to avoid alarming any visitors on your website. If you have any questions, take a look at the instructions below or call our SSL team at (480) 463-8887.
Follow these directions to re-key your certificate:
1. Log in to your Account Manager.
2. Click SSL Certificates.
3. Next to the certificate you want to re-key, click View Status.
4. Click Manage.
5. Click Re-Key certificate.
6. In the Certificate Signing Request (CSR) field, paste your new CSR, including:
---BEGIN NEW CERTIFICATE REQUEST--- and ---END CERTIFICATE REQUEST---
7. Click Save.
8. Click Submit All Saved Changes.
Now I don't want to forget anything as this is in production and people are using Lync. What is the proper order of getting the new certificates installed and where do I go about getting the CSR (from which server(s))?
I really do not want to pay the consultant to do this if I can get this done. Is this done via PowerShell on Lync front end server, or is this just done in IIS, or what?