[cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
Ryan Ratliff (rratliff)
rratliff at cisco.com
Fri Feb 6 15:37:47 EST 2015
Is it common practice for a CA to ignore the keyExtensions in a CSR? I’ve seen a few cases recently where keyExtensions missing or partly missing have broken things and would love to give some better advice to the customers than just “fix your CA”.
-Ryan
On Feb 5, 2015, at 11:23 AM, Gary Parker <G.J.Parker at lboro.ac.uk> wrote:
Hi folks, I’m in the process of replacing a load of self-signed certs on my 8.6.x CUCM, CUC and CUP servers.
I’ve been having issues getting certs with the correct KeyUsage extensions from our current provider and wondered if anyone could recommend a company who can provide certificates that honour the requirements in the CSRs generated by the Cisco Unified Communications servers.
I’m particularly interested in certificates that contain the "digitalSignature, nonRepudiation,keyEncipherment,dataEncipherment” extensions as per:
http://blog.warcop.com/2015/01/22/cisco-jabber-certificate-warning-again/
Jabber for Windows clients 9.2.5 and greater are flagging invalid certificates on our currently installed TERENA certificates.
---
/-Gary Parker----------------------------------f--\
| Unified Communications Service Manager |
n Loughborough University IT Services |
| Tel: +441509635635 Mob: +447989172258 o
| http://delphium.lboro.ac.uk/pubkey.txt |
\r----------------------------------------------d-/
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
More information about the cisco-voip
mailing list