The Curious Case of TCP/9808

September 23, 2018

Sometimes a mystery is so satisfying once you have solved it.  Check out this amazing story from co-worker and amazing guy Mitch Steiner.


The Scene: A typical day in Ops
Ops engineer: Oh, I just got an alert that the default certificate on one of our enterprise pools is about to expire. Time to create a change request for the upcoming maintenance window and get it replaced.

Act 1 Scene 1

(Two days later , during the weekly maintenance window)
Our trusty ops engineer , having filed the proper change request and obtaining an approval, creates a CSR , submits it to his internal PKI and  generates  a new default certificate. He launches the deployment wizard,  imports his certificate ,  and assigns it to the proper usages ( server default , internal and external web services).
No errors were found, and all appears  working as expected.
Following his organization’s pre defined best practices (trust but verify!)  ,  our ops engineer now runs through his certificate replacement checklist.
He grabs his trusty DigiCert utility for windows , and proceeds to verify that the new certificate is being presented on the known ports  ( 5061, 443, 4443). To accomplish this, he launches the tool on the enterprise pool server , selects tools and  clicks “check install” in the  certificate installation checker section. He sets his server address  to localhost , sets  the SSL mode to  direct and checks each port , verifying the new “valid to”  date and serial number match the newly provisioned certificate  (Exhibit A is shown below)

Continue Reading


Written by Richard Richard is an Office Apps & Services MVP (Teams / Skype) who lives in Minneapolis, MN. Microsoft Certified Solutions Master (MCSM) and MCSM Instructor - when those were a thing long ago. When not writing code, breaking teams - debate coach and avid golfer.
Follow on Twitter

Built using Gatsby and Material-UI

Copyright © TheArgyleMVP 2022.