[cisco-voip] Callmanager TomCat

Josh Warcop josh at warcop.com
Wed Oct 29 13:56:13 EDT 2014


Not recommended approach. SSL future guidelines dictates that non approved TLDs in SAN names will no longer be supported. IP address and short names in SANs is a bandaid. The proper way to to change the server name setting to the FQDN and ensure every device is getting proper DNS suffix and DNS servers.

The second problem is that Jabber doesn't just look at the tomcat. It also checks callmanager.pen which should also be signed by a valid CA using valid subject and alternate names.

Sent from my Windows Phone
________________________________
From: Jason Aarons (AM)<mailto:jason.aarons at dimensiondata.com>
Sent: ‎10/‎29/‎2014 1:50 PM
To: cisco-voip (cisco-voip at puck.nether.net)<mailto:cisco-voip at puck.nether.net>
Subject: [cisco-voip] Callmanager TomCat

Customer is asking if they can leave CallManager > CCMAdmin > Server >  IP address and change the Tomcat Certificate to IP Address for Jabber for Windows client to be happy and not prompt an error first time opening?  Can you even do that in CUCM? So keep the ip address as the Subject Alternate Name?





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141029/b6a0608a/attachment.html>
-------------- next part --------------
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


More information about the cisco-voip mailing list