Resolved: “Certificate chain is invalid” warning in Lync Server 2013 installation

You may run into these warning while installing Lync Server 2013:

WARNING: The chain of the certificate “XYZ” is invalid.

WARNING: “Request-CSCertificate” processing has completed with warnings. “1” warnings were recorded during this run.

"Certificate chain is invalid"
“Certificate chain is invalid”

Resolution

The reason you get these warnings is that certificate publisher is not in your Trusted Root Certification Authorities list. Follow the steps below in order to add your publisher into the list. In my case, publisher is AD Certificate Services.

  1. Go to certificate request website. The address must be similar to http://dc01.yourdomain.local/certsrv
  2. Click “Download a CA certificate, certificate chain, or CRL
  3. Click “Download CA certificate chain

    Downloading certificate chain from AD CS
    Downloading certificate chain from AD CS
  4. Import the downloaded certificate file into your Trusted Root Certification Authorities list (Run > mmc > File > Add/Remove Snap-in > Certificates > Computer Account > Trusted Root Certification Authorities > Right Click > Certificates > All Tasks > Import)

    Adding
    Adding certificate into Trusted Root Certification Authorities list

Many thanks The Lync Dude

8 thoughts on “Resolved: “Certificate chain is invalid” warning in Lync Server 2013 installation

Leave a Reply