[cisco-voip] TVS & Signed Certificates

Ryan Ratliff (rratliff) rratliff at cisco.com
Mon Aug 11 09:48:23 EDT 2014


Yes, but not by nature of the TVS cert itself being CA-signed. Since the TVS cert will get into the ITL who signs it doesn't matter.
Why it may help is because TVS will authorize any cert in the local server's trust store.  If the other certs (the ones the endpoint presents to TVS) are CA-signed and TVS has the root cert available then in theory any cert signed by that root cert will be authorized, regardless of whether the actual cert has been uploaded to UCM.
This of course is an educated guess, and I'd thoroughly test it in the lab first.

-Ryan

On Aug 8, 2014, at 8:15 PM, Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:

If you used signed certificates by your enterprise CA for TVS, would that allow TVS to validate across multiple clusters if both clusters TVS certificates were signed by the same CA?

I am trying to determine if there would ever be an advantage to doing a non-self signed certificate on the TVS.

Dennis Heim | Collaboration Solutions Architect
World Wide Technology, Inc. | +1 314-212-1814
<image001.png><https://twitter.com/CollabSensei>
<image002.png><xmpp:dennis.heim at wwt.com><image003.png><tel:+13142121814><image004.png><sip:dennis.heim at wwt.com>


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140811/f3ac55ec/attachment.html>


More information about the cisco-voip mailing list