[cisco-voip] 10.5.1 UCCX Certificate for Finesse

Brian Meade bmeade90 at vt.edu
Thu Feb 5 12:34:17 EST 2015


You could just use an internal CA so you don't have to deal with all of the
requirements.  Public CA's are pretty strict about things like
SANs/internal domain names.

On Thu, Feb 5, 2015 at 12:02 PM, Jose Colon II <jcolon424 at gmail.com> wrote:

> Thanks Gary, I am on the phone with TAC and he is saying the same thing.
> Another issue I am seeing is the fact that I cannot get a certificate
> assigned to me with a internal domain name or SAN. Do you have any
> recommendations on this?
>
> On Thu, Feb 5, 2015 at 10:55 AM, Gary Parker <G.J.Parker at lboro.ac.uk>
> wrote:
>
>>
>> > On 5 Feb 2015, at 16:37, Jose Colon II <jcolon424 at gmail.com> wrote:
>> >
>> > I am trying to generate certificate request from 10.5.1 UCCX box and
>> the cert it generates is not working with verasign. It tells me "The State
>> Name in the CSR cannot be abbreviated"
>> >
>> > Anyone have any suggestions?
>>
>> Hi Jose, have a look at your CSR using:
>>
>> openssl req -text -noout -verify -in CSR.csr
>>
>> where CSR.csr is your csr file.
>>
>> Mine, for example, reads:
>>
>>         Subject: C=GB, ST=Leicestershire, L=Loughborough, O=Loughborough
>> University, OU=ITS, CN=
>> tainter.lboro.ac.uk/serialNumber=xxxxxxxxxxxxxxxxxxxxxxxxx
>>
>> On the “Subject:” line is the entry for ST= an abbreviated version of
>> your State name? If so I’d imagine you’ll have to login on the command line
>> for the server and use “set web-security” to change the State to a proper
>> value.
>>
>> If I had ST=Leics it would also likely fail.
>>
>> Be aware that this *may* make you have to relicense the server (I’m not
>> sure if changing state is enough to trigger this).
>>
>>
>> ---
>> /-Gary Parker----------------------------------f--\
>> |     Unified Communications Service Manager      |
>> n       Loughborough University IT Services       |
>> |     Tel: +441509635635  Mob: +447989172258      o
>> |     http://delphium.lboro.ac.uk/pubkey.txt      |
>> \r----------------------------------------------d-/
>>
>>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150205/f0a4c34c/attachment.html>


More information about the cisco-voip mailing list