Update the edge certificate

Important

Skype for Business Online operated by 21Vianet in China will be retired on October 1, 2023. If you haven't upgraded your Skype for Business Online users yet, they will be automatically scheduled for an assisted upgrade. If you want to upgrade your organization to Teams yourself, we strongly recommend that you begin planning your upgrade path today. Remember that a successful upgrade aligns technical and user readiness, so be sure to leverage our upgrade guidance as you navigate your journey to Teams.

Skype for Business Online, excluding the service operated by 21Vianet in China, was retired on July 31, 2021.

Updating the edge certificate is the key step to ensuring that an on-premises environment with SipDomain1 can join a cloud environment with SipDomain2. It ensures proper routing in a shared address space environment across the two SIP domains. See step 14 in Cloud consolidation for Teams and Skype for Business for context in which you might perform this step. In our examples, SipDomain1 is AcquiredCompany.com and SipDomain2 is OriginalCompany.com.

The subject alternate name (SAN) of the certificate on all edge servers in the on-premises environment must be updated to include all SIP domains that exist in the pure online tenant (excluding any onmicrosoft.com domains), in the form “sip.<domain>”. In our example, this is sip.OriginalCompany.com. This step is critical to do before migrating any users to the cloud.

Steps:

  1. Obtain a new External Microsoft Edge certificate for the edge that has all existing entries plus other entries in the SAN for all SIP domains in the cloud environment (excluding *.onmicrosoft.com domains) in the form sip.<DomainName>.

  2. Install the certificate locally on each edge server and assign it to the Skype Microsoft Edge service on each of the edge service. For detailed steps, see the section “External Microsoft Edge interface certificates” in Deploy Microsoft Edge Service in Skype for Business Server 2015.

  3. Restart the Microsoft Edge service on each of the edge servers. You can do this for a single box with the following PowerShell commands:

    Stop-CsWindowsService
    Start-CsWindowsService
    

See also

Cloud Consolidation for Teams and Skype for Business