travis' brain dump

Skype For Business: Invalid incoming HTTPS certificate

by on Dec.15, 2018, under Tech Stuff

Skype for Business Front End Server
Event ID 32042 – LS User Services – Invalid incoming HTTPS Certificate

I ran into this issue recently when someone thought it’d be cute to have the intermediate and root certs for a domain sitting in the same container (Trusted Root Certification Authorities). There’s a reason we have different containers folks. 🙂

Needless to say I was not amused after wasting an hour or so trying to figure out just why this error kept popping up in my event logs and the FE services wouldn’t come up. The worst part? I’d looked at the certificate objects and because these two certs looked almost identical in name, I missed them entirely during my search. 

So after doing a little digging around, I was pointed back towards a problem with a chain. There were a few examples of some Powershell to accomplish what I needed, but I liked this one the best. It allowed for me to see the list of my offenders easily. 

Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} |fl FriendlyName,Subject,Issuer

Once run, any certificate listed is going to be a cert you need to take a look at. You’ll most likely either move these certificates to the Intermediate or Personal containers. Just be careful where you move stuff so you don’t create new problems for yourself. 

Hopefully you can save yourself some time by having this handy. 


Leave a Reply

You must be logged in to post a comment.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!