[cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use

[Gary Parker]

> On 5 Feb 2015, at 17:33, Kevin Przybylowski <kevinp at advancedtsg.com> wrote:
> 
> Are you using real FQDN's or internal FQDNs?  https://www.digicert.com/internal-names.htm

Real FQDNs

> 
> This has been a real pain point with recent Jabber/MRA rollouts.

Tell me about it! Our CUCM/CUC/CUP cluster was built when Cisco still recommended everything be done with IP addresses and self-signed certs…

> I would take the advice of Warcop and upgrade to the latest CUCM/IM&P if possible.  This will give you the ability to use multi server certs and may save you some time/headaches.  Although the upgrade to 10.5 from pre 9 can be a headache as well.

Yeah, that’s the plan for later in the year, but we’re doing things out of order :-/

> To answer your question - We've used Thawte, Godaddy and digicert without much issue.  Although godaddy seems to add a SAN to your UCC Cert now without requesting it and the UC Appliances don't like he SANs in the cert to not match the CSR precisely.

Good to hear another vote for Digicert. I’ll be flexing the credit card tomorrow and getting something from them to test out, I think…

---
/-Gary Parker----------------------------------f--\
|     Unified Communications Service Manager      |
n       Loughborough University IT Services       |
|     Tel: +441509635635  Mob: +447989172258      o
|     http://delphium.lboro.ac.uk/pubkey.txt      |
\r----------------------------------------------d-/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150205/4d1aac6f/attachment.sig>