[cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI

Ryan Ratliff (rratliff) rratliff at cisco.com
Wed Oct 8 17:01:06 EDT 2014


I don't have the doc handy but I believe it's in the CSR generation page.

Sent from my iPhone

On Oct 8, 2014, at 3:46 PM, Jason Aarons (AM) <jason.aarons at dimensiondata.com> wrote:

So I couldn’t find a GUI method to add an AlternateSubjectName.  My problem with the CUCM 10.5 CLI was only a single SAN (Subject Alternate Name) is supported.  Once I removed the other entries it worked.

For whatever reason in show web-security the server name is also listed as an AlternateSubjectName.  So in short you will see two AlternateSubjectNames even when you only have 1 configured.

From: Ryan Ratliff (rratliff) [mailto:rratliff at cisco.com]
Sent: Wednesday, October 08, 2014 2:53 PM
To: Heim, Dennis
Cc: Justin Steinberg; Jason Aarons (AM); cisco-voip voyp list
Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI

There's also the multiserver cert in 10.5 that allows you to add additional entries via OS Admin.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_5_1/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051_chapter_01.html#CUCM_RF_SEC52373_00


-Ryan

On Oct 8, 2014, at 2:41 PM, Heim, Dennis <Dennis.Heim at wwt.com> wrote:

Single SAN as far as I remember too. Best bet is to add it at the CA level. With Windows CA this can be done via the additional parameters on the certsrv webpage if doing it that way.

Dennis Heim | Collaboration Solutions Architect
World Wide Technology, Inc. | +1 314-212-1814


From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Justin Steinberg
Sent: Wednesday, October 08, 2014 1:37 PM
To: Jason Aarons (AM)
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI

I thought you could only add a single SAN via command line.

On Wed, Oct 8, 2014 at 11:20 AM, Jason Aarons (AM) <jason.aarons at dimensiondata.com> wrote:

Trying to add an alternatehostname in CUCM 10.5  I got the below error.  Anyone spot my problem?



set web-security CH "Hawaii Department of Boating" Honolulu Hawaii US ton.state.hi.us HI-IT-UC-CM-P.ton.state.hi.us myphone.ton.state.hi.us

Expected 4 mandatory and up to 2 non-mandatory parameter(s)
but 8 parameter(s) were found

Executed command unsuccessfully
Error executing command
admin:



Names changed to protect the innocent :)





admin:set web-security ?
Syntax:
set web-security orgunit orgname locality state [country] [alternatehostname]
orgunit  mandatory   organizational unit
orgname  mandatory   organizational name
locality mandatory   location of organization
state    mandatory   state of organization
country  optional   country code can not be changed
alternatehostname  optional   alternate host name

admin:set web-security

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
