[cisco-voip] 10.5.2 Certificate bug

Ryan Ratliff (rratliff) rratliff at cisco.com
Mon Jul 20 09:48:19 EDT 2015


It’s in this thread.
http://www.gossamer-threads.com/lists/cisco/voip/187823

UCM wants a cert generated using the CSR it provides.  Nate covered in that thread how to make this work using the Digicert wildcard cert.

-Ryan

On Jul 20, 2015, at 1:20 AM, Rajkumar Yadav <rajkumaryadav at y7mail.com<mailto:rajkumaryadav at y7mail.com>> wrote:

Thank you Dennis,

I see few mail's where the Digicert wild card has been used and it's working fine, is it really what i understand.

I do understand it will be still not supported by TAC.


Regards,
Raaj.



________________________________
From: "Heim, Dennis" <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>>
To: Rajkumar Yadav <rajkumaryadav at y7mail.com<mailto:rajkumaryadav at y7mail.com>>; Cisco VoIP Group <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Sent: Monday, 20 July 2015, 7:44
Subject: RE: [cisco-voip] 10.5.2 Certificate bug

Wildcard certs are not support on the UC applications.

Dennis Heim | Emerging Technology Architect (Collaboration)
World Wide Technology, Inc. | +1 314-212-1814
<image001.png><https://twitter.com/CollabSensei>
<image002.png><image003.png><image004.png>
“There is a fine line between Wrong and Visionary. Unfortunately, you have to be a visionary to see it." – Sheldon Cooper

Click here to join me in my Collaboration Meeting Room<https://wwt.webex.com/meet/dennis.heim>



From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Rajkumar Yadav
Sent: Sunday, July 19, 2015 1:55 PM
To: Cisco VoIP Group <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] 10.5.2 Certificate bug

Hi,

I would like to know whether can i use the digicert wild card certificate for CUCM, CUC and IM&P.

CUCM version is 10.5.2.

As CUCM 10.5.2 support cluster wide multi  server certificate.

As per Cisco it required multi san certificate, still will it work with wild card ?


Regards,
Raaj




Message: 1
Date: Sun, 19 Jul 2015 03:29:39 +0000
From: Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:cisco-voip at gmail.com>>
To: "Heim, Dennis" <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>>, Ryan Huff
    <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>,  "cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>"
    <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] 10.5.2 Certificate bug
Message-ID:
    <CACRCJOgp3h8ydbLFO5OFYGfmftMd_oqYOn6pnGPnaPLTAYYfsQ at mail.gmail.com<mailto:CACRCJOgp3h8ydbLFO5OFYGfmftMd_oqYOn6pnGPnaPLTAYYfsQ at mail.gmail.com>>
Content-Type: text/plain; charset="utf-8"

More like, another reason not to run base versions, especially when there's
two major service updates available.

On Fri, Jul 17, 2015 at 4:50 PM Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:

>  Looks like another reason to move to 10.5(2)SU2A.
>
>
>
> *Dennis Heim | Emerging Technology Architect (Collaboration)*
>
> World Wide Technology, Inc. | +1 314-212-1814
>
> [image: twitter] <https://twitter.com/CollabSensei>
>
> [image: chat][image: Phone] <+13142121814>[image: video]
>
> ?There is a fine line between Wrong and Visionary. Unfortunately, you have
> to be a visionary to see it." ? Sheldon Cooper
>
>
>
> *Click here to join me in my Collaboration Meeting Room
> <https://wwt.webex.com/meet/dennis.heim>*
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] *On Behalf
> Of *Ryan Huff
> *Sent:* Friday, July 17, 2015 4:10 PM
> *To:* cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
> *Subject:* [cisco-voip] 10.5.2 Certificate bug
>
>
>
> So this bug cost me 2 hours last night .. one of the more ridiculous ones
> I have seen in awhile. 10.5.2; the Subject Alternative Name in the CSR
> can't be the same as the CN (although that is how most CA's will generate).
>
> The work around? Add a space character at the end of the CN when you
> generate the CSR and then the call manage *magically* puts the CN in the
> SAN field of the CSR ..... W.T.F
>
> https://tools.cisco.com/bugsearch/bug/CSCus47235
>
>  _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3876 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1389 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1292 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1391 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150719/900bfe2e/attachment-0007.png>

------------------------------


<image001.png><image002.png><image003.png><image004.png>_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/21501225/attachment.html>


More information about the cisco-voip mailing list