Condividi tramite


Haiku #169

Heaven: mountain bikes,

Mountain climbing, kayaking,

Issued cert Ids.

Hey, everyone. Welcome to the daily Lync Server PowerShell haiku, being broadcast to you today live, and in living color, from Park City, UT, nestled in the midst of the beautiful Wasatch Mountains.

In case you're wondering, Wasatch is an old Indian word that means … well, to tell you the truth, we have no idea what Wasatch means. Apparently the word is so old that it was coined back in the days before meanings had actually been invented. But we'll look into that for you.

One thing we do know is that, back in its mining heyday, Park City was known as Sin City. Why was Park City known as Sin City? Well, let's put it this way: despite arriving late yesterday afternoon, in just a few hours the author of today's haiku and his wife managed to check out the outlet mall next door to the condo where they're staying, have dinner at Ruby Tuesday's, and go grocery shopping!

Thank goodness whatever happens in Park City stays in Park City.

In addition to that, however, the author and his wife also managed to pick up a trail map for the Park City area, and are planning to hit the bike trails just as soon as today's haiku is finished.

Speaking of which, today's haiku is finished. See you all tomorrow!

No, hey, just kidding. After all, the author of today's haiku didn't come to Park City to ride mountain bikes, climb mountains, roar down zip lines, and paddle kayaks. No sir, the main reason he came to Park City was so that he would have the perfect setting and the perfect opportunity to tell everyone about the New-CsIssuedCertId cmdlet.

Now, to be honest, there are probably no more than a handful of people out there (if any) who will ever call the New-CsIssuedCertId cmdlet: to be blunt, this cmdlet has very little meaning, and is of very little use, to anyone. (And yet, for some reason, the author of today's haiku has a soft spot in his heart for New-CsIssuedCertId.) New-CsIssuedCertId provides a way for you to assign a TLS (Transport Layer Security) certificate to a static route.

Note. What's a static route? Well, as it turns out, static route is an old Indian phrase meaning "a path to be taken by SIP messages that has been predetermined and preconfigured by an administrator." This differs from dynamic routes, in which servers use algorithms to determine the next location (i.e., the next hop) where a SIP message should be forwarded.

Back in the old, pre-beta days of Microsoft Lync Server 2010, New-CsIssuedCertId was the way to assign TLS certificates to static routes. When the beta version of Lync Server was released, however, the new, improved way to assign certificates to static routes was to use the New-CsStaticRoute cmdlet. In a flash, New-CsIssuedCertId was washed-up and over-the-hill.

Note. And yet, for some reason, the author of today's haiku has a soft spot in his heart for New-CsIssuedCertId.

So then why are we even bothering to talk about New-CsIssuedCertId? Well, for one thing, CsIssuedCertId is still a valid Lync Server PowerShell noun, and our goal with the daily haiku was, and still is, to cover each of the Lync Server PowerShell nouns. For another, New-CsIssuedCertId is apparently still required for some backward compatibility scenarios. We've never been able to get much information on just exactly what those scenarios might be; we've just been told that "It's possible that a Microsoft support person might need you to run that cmdlet."

And what if a Microsoft support person does need you to run that cmdlet? Well, to begin with, there's no need to panic. Running New-CsIssuedCertId requires no more effort than this:

$cert = New-CsIssuedCertId -Issuer "Fabrikam" -SerialNumber 0x10,0x14,0x3A,0x1A

As you can see, we've only had to do a few things here. For starters, we call the cmdlet and include the Issuer parameter; as you might have guessed, the Issuer is simply the name of the certificate authority that provided you with the certificate in the first place. In addition to that, we also had to include the certificate serial number, like so:

-SerialNumber 0x10,0x14,0x3A,0x1A

And yes, you're right: that is a weird-looking serial number, isn't it? As it turns out, serial numbers must be passed to New-CsIssuedCertId in the form of a byte array; that essentially means taking every two characters in the serial number and prefacing it with 0x. For example, suppose our certificate has the serial number 10143A1A. That means we have the following byte array:

0x10

0x14

0x3A

0x1A

It's a little weird, but it works. And what if you have no idea who your certificate issuers are, and what if you haven't completely memorized the serial number for each of those certificates? That's fine; you can retrieve all that information by running this simple little command:

Get-CsCertificate | Select-Object Issuer, SerialNumber

You might have notice that we also stored our new certificate ID in a variable named $cert:

$cert = New-CsIssuedCertId -Issuer "Fabrikam" -SerialNumber 0x10,0x14,0x3A,0x1A

That's important; if you don't store the ID in a variable then it will disappear pretty much as fast as it gets created. And then what do you do with the variable $cert? Well, that's where you have to rely on your Microsoft support person. Back in the old days, you would have added the certificate to a SIPProxy.TLS object, like so:

$tls = New-CsSipProxyTLS -Certificate $cert -Fqdn atl-proxy-001.litwareinc.com

In these days, you'll have to wait for someone to tell you what to do.

Note. But don't worry. If you're anything like us, there's never any shortage of people ready to tell you what to do.

And now today's haiku is finished. As promised, we looked it up, and discovered that Wasatch means "mountain pass" or, possibly, "low pass over high range." Which would make the Wasatch Mountains the Mountain Pass Mountains or the Low Pass Over High Range Mountains.

Good question: if it wasn't for us, where would you get information like that? We'll have to look into that for you. But not until after the bike ride.

See you tomorrow!