[cisco-voip] Callmanager TomCat
Ryan Ratliff (rratliff)
rratliff at cisco.com
Wed Oct 29 14:13:44 EDT 2014
It's not only not recommended but UCM won't put an IP address in cert subject or SAN.
For Jabber it's a matter of getting signed certs, getting the certs loaded onto the PC, and fixing System->Server values so UDS doesn't screw up things by giving IPs to the client (this may be only a concern with MRA).
-Ryan
On Oct 29, 2014, at 1:56 PM, Josh Warcop <josh at warcop.com> wrote:
Not a recommended approach. SSL future guidelines dictate that non-approved TLDs in SAN names will no longer be supported. IP addresses and short names in SANs are a band-aid. The proper way is to change the server name setting to the FQDN and ensure every device is getting the proper DNS suffix and DNS servers.
The second problem is that Jabber doesn't just look at the tomcat. It also checks callmanager.pem, which should also be signed by a valid CA using valid subject and alternate names.
From: Jason Aarons (AM) <jason.aarons at dimensiondata.com>
Sent: 10/29/2014 1:50 PM
To: cisco-voip (cisco-voip at puck.nether.net)
Subject: [cisco-voip] Callmanager TomCat
Customer is asking if they can leave CallManager > CCMAdmin > Server > IP address and change the Tomcat Certificate to IP Address for Jabber for Windows client to be happy and not prompt an error first time opening? Can you even do that in CUCM? So keep the IP address as the Subject Alternate Name?
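
As an added example (not part of the original thread and not Cisco code), the following lints the conditions the replies above name: a System > Server value that is not an FQDN, and IP addresses or short names in the SAN of the tomcat and CallManager certificates. It assumes SAN lines in the comma-separated form that `openssl x509 -text` prints; the function names, certificate labels, hostnames and addresses are constructed for illustration.

```python
import ipaddress

def classify(name):
    """Return 'ip', 'short' or 'fqdn' for a server value or SAN entry."""
    try:
        ipaddress.ip_address(name)
        return "ip"
    except ValueError:
        return "fqdn" if "." in name.strip(".") else "short"

def parse_san(san_line):
    """Split 'DNS:a.example.com, IP Address:192.0.2.1' into (type, value) pairs."""
    pairs = []
    for item in san_line.split(","):
        kind, _, value = item.strip().partition(":")
        if value:
            pairs.append((kind.strip(), value.strip()))
    return pairs

def audit(server_value, certs):
    """certs maps a label (e.g. 'tomcat') to that certificate's SAN line."""
    findings = []
    server_is_fqdn = classify(server_value) == "fqdn"
    if not server_is_fqdn:
        findings.append(f"System > Server value {server_value!r} is not an FQDN")
    for label, san_line in certs.items():
        dns_names = set()
        for kind, value in parse_san(san_line):
            if kind == "IP Address" or classify(value) == "ip":
                findings.append(f"{label}: SAN carries IP address {value}")
            elif classify(value) == "short":
                findings.append(f"{label}: SAN carries short name {value}")
            else:
                dns_names.add(value.lower().rstrip("."))
        # The name handed to clients should appear in the certificate.
        if server_is_fqdn and server_value.lower().rstrip(".") not in dns_names:
            findings.append(f"{label}: SAN does not list {server_value}")
    return findings

# Constructed sample data (documentation hostnames and addresses).
SAMPLE = {
    "tomcat": "DNS:cucm-pub.example.com, DNS:cucm-pub, IP Address:192.0.2.10",
    "CallManager": "DNS:cucm-pub.example.com",
}

if __name__ == "__main__":
    for line in audit("192.0.2.10", SAMPLE):
        print(line)
```
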