[cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
Ryan Ratliff (rratliff)
rratliff at cisco.com
Wed Oct 8 17:01:06 EDT 2014
I don't have the doc handy but I believe it's in the CSR generation page.
Sent from my iPhone
On Oct 8, 2014, at 3:46 PM, Jason Aarons (AM) <jason.aarons at dimensiondata.com<mailto:jason.aarons at dimensiondata.com>> wrote:
So I couldn’t find a GUI method to add an AlternateSubjectName. My problem with the CUCM 10.5 CLI was only a single SAN (Subject Alternate Name) is supported. Once I removed the other entries it worked.
For whatever reason in show web-security the server name is also listed as a AlternateSubjectName. So in short you will see two AlternateSubjectName’s even when you only have 1 configured.
From: Ryan Ratliff (rratliff) [mailto:rratliff at cisco.com]
Sent: Wednesday, October 08, 2014 2:53 PM
To: Heim, Dennis
Cc: Justin Steinberg; Jason Aarons (AM); cisco-voip voyp list
Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
There's also the multiserver cert in 10.5 that allows you to add additional entries via OS Admin.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_5_1/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051_chapter_01.html#CUCM_RF_SEC52373_00
-Ryan
On Oct 8, 2014, at 2:41 PM, Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:
Single SAN as far as I remember too. Best bet is to add it at the CA level. With Windows CA this can be down via the additional parameters on the certsrv webpage if doing it that way.
Dennis Heim | Collaboration Solutions Architect
World Wide Technology, Inc. | +1 314-212-1814
<image001.png><https://twitter.com/CollabSensei>
<image002.png><xmpp:dennis.heim at wwt.com><image003.png><tel:+13142121814><image004.png><sip:dennis.heim at wwt.com>
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Justin Steinberg
Sent: Wednesday, October 08, 2014 1:37 PM
To: Jason Aarons (AM)
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
I thought you could only add a single SAN via command line.
On Wed, Oct 8, 2014 at 11:20 AM, Jason Aarons (AM) <jason.aarons at dimensiondata.com<mailto:jason.aarons at dimensiondata.com>> wrote:
Trying to add an alternatehostname in CUCM 10.5 I got the below error. Anyone spot my problem?
set web-security CH "Hawaii Department of Boating" Honolulu Hawaii US ton.state.hi.us<http://ton.state.hi.us/> HI-IT-UC-CM-P.ton.state.hi.us<http://hi-it-uc-cm-p.ton.state.hi.us/> myphone.ton.state.hi.us<http://myphone.ton.state.hi.us/>
Expected 4 mandatory and up to 2 non-mandatory parameter(s)
but 8 parameter(s) were found
Executed command unsuccessfully
Error executing command
admin:
Names changed to protect the innocent :)
admin:set web-security ?
Syntax:
set web-security orgunit orgname locality state [country] [alternatehostname]
orgunit mandatory organizational unit
orgname mandatory organizational name
locality mandatory location of organization
state mandatory state of organization
country optional country code can not be changed
alternatehostname optional alternate host name
admin:set web-security
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141008/cbed1a61/attachment.html>
More information about the cisco-voip
mailing list