[cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
Kevin Przybylowski
kevinp at advancedtsg.com
Thu Feb 5 12:33:45 EST 2015
Are you using real FQDN's or internal FQDNs? https://www.digicert.com/internal-names.htm
This has been a real pain point with recent Jabber/MRA rollouts.
I would take the advice of Warcop and upgrade to the latest CUCM/IM&P if possible. This will give you the ability to use multi server certs and may save you some time/headaches. Although the upgrade to 10.5 from pre 9 can be a headache as well.
To answer your question - We've used Thawte, Godaddy and digicert without much issue. Although godaddy seems to add a SAN to your UCC Cert now without requesting it and the UC Appliances don't like he SANs in the cert to not match the CSR precisely.
-----Original Message-----
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Gary Parker
Sent: Thursday, February 5, 2015 11:24 AM
To: Cisco VoIP Group
Subject: [cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
Hi folks, I’m in the process of replacing a load of self-signed certs on my 8.6.x CUCM, CUC and CUP servers.
I’ve been having issues getting certs with the correct KeyUsage extensions from our current provider and wondered if anyone could recommend a company who can provide certificates that honour the requirements in the CSRs generated by the Cisco Unified Communications servers.
I’m particularly interested in certificates that contain the "digitalSignature, nonRepudiation,keyEncipherment,dataEncipherment” extensions as per:
http://blog.warcop.com/2015/01/22/cisco-jabber-certificate-warning-again/
Jabber for Windows clients 9.2.5 and greater are flagging invalid certificates on our currently installed TERENA certificates.
---
/-Gary Parker----------------------------------f--\
| Unified Communications Service Manager |
n Loughborough University IT Services |
| Tel: +441509635635 Mob: +447989172258 o
| http://delphium.lboro.ac.uk/pubkey.txt |
\r----------------------------------------------d-/
More information about the cisco-voip
mailing list