Enables you to assign an existing certificate to a SipProxy.TLS object. In turn, that object can be used configure a static route to use TLS (Transport Layer Security) as its transport protocol.
Syntax
New-CsIssuedCertId -Issuer <String> -SerialNumber <Byte[]> |
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Issuer |
Required |
String |
Name of the Certificate Authority that issue the certificate to be used in the static route. |
SerialNumber |
Required |
Byte array |
Serial number of the certificate to be used in the static route. Serial numbers must be passed as a byte array; this means you must pass the serial number as an array of two-character values. For example: -SerialNumber 01, 23, 45, 67, 89. |
Detailed Description
When you send a SIP (Session Initiation Protocol) message to someone that message might need to traverse multiple subnets and networks before it is delivered; the path traveled by the message is often referred to as a route. In networking, there are two types of routes: dynamic and static. With dynamic routing, servers use algorithms to determine the next location (the next hop) where a message should be forwarded. With static routing, message paths are predetermined by system administrators. When a message is received by a server, the server checks the message address and then forwards the message to the next hop server that has been preconfigured by an administrator. If configured correctly, static routes help ensure timely, and accurate, delivery of messages, and with minimal overheard placed on servers. The downside to static routing? Messages are not dynamically rerouted in the event of a network failure.
Microsoft Communications Server allows you to specify either TCP (Transmission Control Protocol) or TLS (Transport Layer Security) as your transport protocol when configuring a statuc route. If you decide to use TLS as your protocol, you must first assign a certificate to be used for authentication. In that case, you can use the default certificate configured for Microsoft Communications Server. Alternatively, TLS certificates can be assigned by calling New-CsIssuedCertID to create a certificate object, then assigning that object to a SipProxy.TLS object created by using the New-CsSipProxyTLS cmdlet.
When you run New-CsIssuedCertID you must provide the cmdlet with the issuer name and the serial number of an existing certificate. That information can be obtained by running this command:
Get-CsCertificate | Select-Object Issuer, SerialNumber
Note that serial numbers must be passed as a byte array; this means you have to pass the serial number as an array of two-character values. For example, if you have a certificate with the serial number 0123456789 that data must be passed using the following syntax:
-SerialNumber 01, 23, 45, 67, 89,
You do not need to use the New-CsIssuedCertId cmdlet if you create a static route using the New-CsstaticRoute cmdlet.
Return Types
New-CsIssuedCertId creates instances of the Microsoft.tc.Management.WiteableConfig.BaseTypes.IssuedCertId object.
Examples
-------------------------- Example 1 ------------------------
Copy Code | |
---|---|
$cert = New-CsIssuedCertId -Issuer "Fabrikam" -SerialNumber 10,14,34,18 $tls = New-CsSipProxyTLS -Certificate $cert -Fqdn atl-proxy-001.litwareinc.com |
The commands shown in Example 1 create a new certificate ID object and then assign that certificate to a SipProxy.TLS object; in turn, that object can then be used to configure a static route to use the TLS transport protocol. To do all this, the first command in the example uses New-CsIssuedCertId to create a certificate ID object for a certificate issued by Fabrikam that has the serial number 10143418. (Note that the serial number is specified as an array of two-character strings.) The resulting object is stored in a variable named $cert.
In the second command, New-CsSipProxyTLS is used to create a SIPProxy.TLS object. To ensure that this object uses the Fabrikam-issued certificate for authentication, the variable $cert is used as the parameter value for the –Certificate parameter.