Skype For Business: Invalid incoming HTTPS certificate
by Travis on Dec.15, 2018, under Tech Stuff
Skype for Business Front End Server
Event ID 32042 – LS User Services – Invalid incoming HTTPS Certificate
I ran into this issue recently when someone thought it’d be cute to have the intermediate and root certs for a domain sitting in the same container (Trusted Root Certification Authorities). There’s a reason we have different containers folks. 🙂
Needless to say I was not amused after wasting an hour or so trying to figure out just why this error kept popping up in my event logs and the FE services wouldn’t come up. The worst part? I’d looked at the certificate objects and because these two certs looked almost identical in name, I missed them entirely during my search.
So after doing a little digging around, I was pointed back towards a problem with a chain. There were a few examples of some Powershell to accomplish what I needed, but I liked this one the best. It allowed for me to see the list of my offenders easily.
Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} |fl FriendlyName,Subject,Issuer
Once run, any certificate listed is going to be a cert you need to take a look at. You’ll most likely either move these certificates to the Intermediate or Personal containers. Just be careful where you move stuff so you don’t create new problems for yourself.
Hopefully you can save yourself some time by having this handy.