[cisco-voip] 10.5.2 Certificate bug
Ryan Ratliff (rratliff)
rratliff at cisco.com
Mon Jul 20 09:48:19 EDT 2015
It’s in this thread.
http://www.gossamer-threads.com/lists/cisco/voip/187823
UCM wants a cert generated using the CSR it provides. Nate covered in that thread how to make this work using the Digicert wildcard cert.
-Ryan
On Jul 20, 2015, at 1:20 AM, Rajkumar Yadav <rajkumaryadav at y7mail.com<mailto:rajkumaryadav at y7mail.com>> wrote:
Thank you Dennis,
I see few mail's where the Digicert wild card has been used and it's working fine, is it really what i understand.
I do understand it will be still not supported by TAC.
Regards,
Raaj.
________________________________
From: "Heim, Dennis" <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>>
To: Rajkumar Yadav <rajkumaryadav at y7mail.com<mailto:rajkumaryadav at y7mail.com>>; Cisco VoIP Group <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Sent: Monday, 20 July 2015, 7:44
Subject: RE: [cisco-voip] 10.5.2 Certificate bug
Wildcard certs are not support on the UC applications.
Dennis Heim | Emerging Technology Architect (Collaboration)
World Wide Technology, Inc. | +1 314-212-1814
<image001.png><https://twitter.com/CollabSensei>
<image002.png><image003.png><image004.png>
“There is a fine line between Wrong and Visionary. Unfortunately, you have to be a visionary to see it." – Sheldon Cooper
Click here to join me in my Collaboration Meeting Room<https://wwt.webex.com/meet/dennis.heim>
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Rajkumar Yadav
Sent: Sunday, July 19, 2015 1:55 PM
To: Cisco VoIP Group <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] 10.5.2 Certificate bug
Hi,
I would like to know whether can i use the digicert wild card certificate for CUCM, CUC and IM&P.
CUCM version is 10.5.2.
As CUCM 10.5.2 support cluster wide multi server certificate.
As per Cisco it required multi san certificate, still will it work with wild card ?
Regards,
Raaj
Message: 1
Date: Sun, 19 Jul 2015 03:29:39 +0000
From: Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:cisco-voip at gmail.com>>
To: "Heim, Dennis" <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>>, Ryan Huff
<ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>, "cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>"
<cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] 10.5.2 Certificate bug
Message-ID:
<CACRCJOgp3h8ydbLFO5OFYGfmftMd_oqYOn6pnGPnaPLTAYYfsQ at mail.gmail.com<mailto:CACRCJOgp3h8ydbLFO5OFYGfmftMd_oqYOn6pnGPnaPLTAYYfsQ at mail.gmail.com>>
Content-Type: text/plain; charset="utf-8"
More like, another reason not to run base versions, especially when there's
two major service updates available.
On Fri, Jul 17, 2015 at 4:50 PM Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:
> Looks like another reason to move to 10.5(2)SU2A.
>
>
>
> *Dennis Heim | Emerging Technology Architect (Collaboration)*
>
> World Wide Technology, Inc. | +1 314-212-1814
>
> [image: twitter] <https://twitter.com/CollabSensei>
>
> [image: chat][image: Phone] <+13142121814>[image: video]
>
> ?There is a fine line between Wrong and Visionary. Unfortunately, you have
> to be a visionary to see it." ? Sheldon Cooper
>
>
>
> *Click here to join me in my Collaboration Meeting Room
> <https://wwt.webex.com/meet/dennis.heim>*
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] *On Behalf
> Of *Ryan Huff
> *Sent:* Friday, July 17, 2015 4:10 PM
> *To:* cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
> *Subject:* [cisco-voip] 10.5.2 Certificate bug
>
>
>
> So this bug cost me 2 hours last night .. one of the more ridiculous ones
> I have seen in awhile. 10.5.2; the Subject Alternative Name in the CSR
> can't be the same as the CN (although that is how most CA's will generate).
>
> The work around? Add a space character at the end of the CN when you
> generate the CSR and then the call manage *magically* puts the CN in the
> SAN field of the CSR ..... W.T.F
>
> https://tools.cisco.com/bugsearch/bug/CSCus47235
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3876 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1389 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1292 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1391 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0007.png>
------------------------------
<image001.png><image002.png><image003.png><image004.png>_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/21501225/attachment.html>
More information about the cisco-voip
mailing list