[cisco-voip] Digicert Wildcard certificates

Anthony Holloway avholloway+cisco-voip at gmail.com
Wed Jul 15 12:42:52 EDT 2015


I'm a little confused here.  According to this article:
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard,
and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/, wild
card certs are not supported.  Are we talking about the same thing here?

On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen <PedersenE at bennettjones.com>
wrote:

>  Digicert lets you put your domain and subdomains of any level as SANs.
> It’s great! They even generated a duplicate certificate for me with a
> different root CA that was supported with WebEx enabled Telepresence. We
> use their wildcard certificates on all of our UC servers.
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Heim, Dennis
> *Sent:* 15 July 2015 8:28 AM
> *To:* Ian Anderson; NateCCIE; Cisco VOIP
>
>
> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>
>
>
> I’ve found the hardest thing to find a cert providers that likes putting
> the domain as a san such as DNS=mycollab.com. Has anyone found any
> providers that are kosher with that? From one of the Cisco Live sessions, I
> was told this is needed for service discovery to function properly.
>
>
>
> *Dennis Heim | Emerging Technology Architect (Collaboration)*
>
> World Wide Technology, Inc. | +1 314-212-1814
>
> [image: twitter] <https://twitter.com/CollabSensei>
>
> [image: chat][image: Phone] <+13142121814>[image: video]
>
> “There is a fine line between Wrong and Visionary. Unfortunately, you have
> to be a visionary to see it." – Sheldon Cooper
>
>
>
> Click here to join me in my Collaboration Meeting Room
> <https://wwt.webex.com/meet/dennis.heim>
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net
> <cisco-voip-bounces at puck.nether.net>] *On Behalf Of *Ian Anderson
>
>
> *Sent:* Wednesday, July 15, 2015 10:18 AM
> *To:* NateCCIE; Cisco VOIP
> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>
>
>
>
>
> On 15 July 2015 at 15:02, NateCCIE <nateccie at gmail.com> wrote:
>
>  Did you put all of your SANs in the digicert page?
>
> z
>
> I have this working on all of my expressway installs.
>
>  Hi Nate,
>
>
>
> Thanks for the quick response, just for preservation in the archives for
> future posterity and confirmation that digicert seems fine despite the
> warnings in the manuals, it seemed I was running into 2 separate issues.
>
>
>
> 1) I had uploaded the intermediate cert, but needed to manually download
> and upload the root CA
>
> 2) That then got me past the TLS error, only to find that I had
> fat-fingered the hostname in the SAN field :-(
>
>
>
> Cheers
>
>
>
> Ian
>
>
> The contents of this message may contain confidential and/or privileged
> subject matter. If this message has been received in error, please contact
> the sender and delete all copies. Like other forms of communication, e-mail
> communications may be vulnerable to interception by unauthorized parties.
> If you do not wish us to communicate with you by e-mail, please notify us
> at your earliest convenience. In the absence of such notification, your
> consent is assumed. Should you choose to allow us to communicate by e-mail,
> we will not take any additional security measures (such as encryption)
> unless specifically requested.
>
> If you no longer wish to receive commercial messages, you can unsubscribe
> by accessing this link: http://www.bennettjones.com/unsubscribe
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150715/036998d6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3876 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150715/036998d6/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1389 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150715/036998d6/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1292 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150715/036998d6/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1391 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150715/036998d6/attachment-0003.png>


More information about the cisco-voip mailing list