[cisco-voip] cisco-voip Digest, Vol 141, Issue 18

Dale Thompson dthomp7260 at earthlink.net
Tue Jul 21 16:49:59 EDT 2015


If anyone is looking for a short time position in the Detroit area TekSystems is looking for individuals with Cisco call manager experience.

Dale Thompson
12128 Belmont Ave
Warren, Michigan
586-757-5840
dthomp7260 at earthlink.net



-----Original Message-----
>From: cisco-voip-request at puck.nether.net
>Sent: Jul 21, 2015 12:00 PM
>To: cisco-voip at puck.nether.net
>Subject: cisco-voip Digest, Vol 141, Issue 18
>
>Send cisco-voip mailing list submissions to
>	cisco-voip at puck.nether.net
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://puck.nether.net/mailman/listinfo/cisco-voip
>or, via email, send a message with subject or body 'help' to
>	cisco-voip-request at puck.nether.net
>
>You can reach the person managing the list at
>	cisco-voip-owner at puck.nether.net
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of cisco-voip digest..."
>
>
>Today's Topics:
>
>   1. Re: Digicert Wildcard certificates (Charles Goldsmith)
>   2. CUCM translation pattern postfix digits (NateCCIE)
>   3. Re: CUCM translation pattern postfix digits (Ryan Huff)
>   4. Re: CUCM translation pattern postfix digits (Ryan Huff)
>   5. Re: CUCM translation pattern postfix digits (NateCCIE)
>   6. Re: CUCM translation pattern postfix digits (Ryan Huff)
>   7. Re: CUCM translation pattern postfix digits (Lelio Fulgenzi)
>   8. Re: CUCM translation pattern postfix digits (Ryan Huff)
>   9. Re: CUCM translation pattern postfix digits (Dave Goodwin)
>  10. Re: Digicert Wildcard certificates (Anthony Holloway)
>  11. Greeting notification? (Lisa Notarianni)
>  12. Re: Greeting notification? (Lelio Fulgenzi)
>  13. Re: Digicert Wildcard certificates (NateCCIE)
>  14. How to send call to 10 digit in ICM Scripting (AbdusSaboor Khan)
>  15. Re: How to send call to 10 digit in ICM Scripting (Brian Meade)
>  16. Re: How to send call to 10 digit in ICM Scripting (Brian Meade)
>  17. Call abandonment (chris)
>  18. Re: Digicert Wildcard certificates (Justin Steinberg)
>  19. E20 - CDP and voice VLANs (Lelio Fulgenzi)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 20 Jul 2015 10:18:27 -0600
>From: Charles Goldsmith <wokka at justfamily.org>
>To: Ian Anderson <ia at andersoi.co.uk>
>Cc: NateCCIE <nateccie at gmail.com>, Cisco VOIP
>	<cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] Digicert Wildcard certificates
>Message-ID:
>	<CAGm7T+Arv0XCBfWYMPFSFwQ9SnTn=hRB2c+ZjeSzypTkewQ3LA at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>One thing of note, Digicert works very well with all of our UC apps with
>their UC certificate.  Add all of your server names as SAN's, as well as
>the domain name, and just duplicate the certificate for each app, changing
>the CN.  It works well and also Digicert has great support.
>
>On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <ia at andersoi.co.uk> wrote:
>
>> Hi Nate,
>>
>> I think that the concern of using wildcards generaly comes from the
>> security and compliance folks in that if the private key of any of the
>> servers was to be compromised then the resulting public and private keys
>> could be used to impersonate any subdomain, e.g e-payments.domain.com..
>>
>> That said, as long as the customer is aware of the risk then the digicert
>> is a fantastic option, although a lot of these issues go away in 10.5.
>>
>> The only app I've had it completely throw a wobble on so far is UCCX 9.0
>> as this was checking the CN on certificate upload and didn't like * even
>> though the server name as in the SAN.
>>
>> Cheers
>>
>> Ian
>>
>> On 16 July 2015 at 02:35, NateCCIE <nateccie at gmail.com> wrote:
>>
>>> Most of the time wildcard certs mean you have a CSR and a private key
>>> generated by something, and then you upload the private key and the public
>>> key to lots of servers.  The application would need to be able to upload a
>>> private key and not require its own CSR.
>>>
>>> Cucm, unity cxn, uccx, do not support uploading a private key.
>>>
>>> Expressway, I think conductor do allow you to upload a private key.
>>>
>>> But what makes digicert really cool is you can buy the wildcard cert,
>>> then you keep reissuing a new certificate from that one purchase.
>>>
>>> You can do this from what I understand an unlimited times.
>>>
>>> There may be other CAs that do this.  I saw one the seemed like it was
>>> going to work, but since the CSR did not include the * as a SAN, they would
>>> not issue the cert.
>>>
>>> Digicert with the Willard includes the *.domain.com and domain.com SANs
>>> automatically, and you can specify about 15 other SANs for each CSR/cert.
>>>
>>> So cucm and the other apps are happy because the cert was generated using
>>> its own CSR.
>>>
>>> Using these certs, I had one TAC case where cucm balked at the cert, but
>>> I could upload the cluster wide tomcat SAN cert via im&p. This turned out
>>> to be a problem with the domain casing not matching between all of the
>>> servers and the cert. always use domain.com and not DOMain.com and life
>>> is happy.
>>>
>>> I am not affiliated with digicert other than they are here in Utah also.
>>> It just makes life really easy to tell the customer to buy this one cert
>>> and O I can make all of the Cisco UC/jabber cert errors go away!
>>>
>>> Ps. Has anyone figured out what to do with conductor wanting IP address
>>> in the SAN?
>>>
>>> Sent from my iPhone
>>>
>>> On Jul 15, 2015, at 10:42 AM, Anthony Holloway <
>>> avholloway+cisco-voip at gmail.com> wrote:
>>>
>>> I'm a little confused here.  According to this article:
>>> http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard,
>>> and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/,
>>> wild card certs are not supported.  Are we talking about the same thing
>>> here?
>>>
>>> On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen <
>>> PedersenE at bennettjones.com> wrote:
>>>
>>>>  Digicert lets you put your domain and subdomains of any level as SANs.
>>>> It?s great! They even generated a duplicate certificate for me with a
>>>> different root CA that was supported with WebEx enabled Telepresence. We
>>>> use their wildcard certificates on all of our UC servers.
>>>>
>>>>
>>>>
>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>>>> Behalf Of *Heim, Dennis
>>>> *Sent:* 15 July 2015 8:28 AM
>>>> *To:* Ian Anderson; NateCCIE; Cisco VOIP
>>>>
>>>>
>>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>>>>
>>>>
>>>>
>>>> I?ve found the hardest thing to find a cert providers that likes putting
>>>> the domain as a san such as DNS=mycollab.com. Has anyone found any
>>>> providers that are kosher with that? From one of the Cisco Live sessions, I
>>>> was told this is needed for service discovery to function properly.
>>>>
>>>>
>>>>
>>>> *Dennis Heim | Emerging Technology Architect (Collaboration)*
>>>>
>>>> World Wide Technology, Inc. | +1 314-212-1814
>>>>
>>>> [image: twitter] <https://twitter.com/CollabSensei>
>>>>
>>>> <image002.png><image003.png> <+13142121814><image004.png>
>>>>
>>>> ?There is a fine line between Wrong and Visionary. Unfortunately, you
>>>> have to be a visionary to see it." ? Sheldon Cooper
>>>>
>>>>
>>>>
>>>> Click here to join me in my Collaboration Meeting Room
>>>> <https://wwt.webex.com/meet/dennis.heim>
>>>>
>>>>
>>>>
>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net
>>>> <cisco-voip-bounces at puck.nether.net>] *On Behalf Of *Ian Anderson
>>>>
>>>>
>>>> *Sent:* Wednesday, July 15, 2015 10:18 AM
>>>> *To:* NateCCIE; Cisco VOIP
>>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 15 July 2015 at 15:02, NateCCIE <nateccie at gmail.com> wrote:
>>>>
>>>>  Did you put all of your SANs in the digicert page?
>>>>
>>>> z
>>>>
>>>> I have this working on all of my expressway installs.
>>>>
>>>>  Hi Nate,
>>>>
>>>>
>>>>
>>>> Thanks for the quick response, just for preservation in the archives for
>>>> future posterity and confirmation that digicert seems fine despite the
>>>> warnings in the manuals, it seemed I was running into 2 separate issues.
>>>>
>>>>
>>>>
>>>> 1) I had uploaded the intermediate cert, but needed to manually download
>>>> and upload the root CA
>>>>
>>>> 2) That then got me past the TLS error, only to find that I had
>>>> fat-fingered the hostname in the SAN field :-(
>>>>
>>>>
>>>>
>>>> Cheers
>>>>
>>>>
>>>>
>>>> Ian
>>>>
>>>>
>>>> The contents of this message may contain confidential and/or privileged
>>>> subject matter. If this message has been received in error, please contact
>>>> the sender and delete all copies. Like other forms of communication, e-mail
>>>> communications may be vulnerable to interception by unauthorized parties.
>>>> If you do not wish us to communicate with you by e-mail, please notify us
>>>> at your earliest convenience. In the absence of such notification, your
>>>> consent is assumed. Should you choose to allow us to communicate by e-mail,
>>>> we will not take any additional security measures (such as encryption)
>>>> unless specifically requested.
>>>>
>>>> If you no longer wish to receive commercial messages, you can
>>>> unsubscribe by accessing this link:
>>>> http://www.bennettjones.com/unsubscribe
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>
>>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/c344ab85/attachment-0001.html>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: image001.png
>Type: image/png
>Size: 3876 bytes
>Desc: not available
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/c344ab85/attachment-0001.png>
>
>------------------------------
>
>Message: 2
>Date: Mon, 20 Jul 2015 18:07:48 -0600
>From: NateCCIE <nateccie at gmail.com>
>To: "'Cisco VOIP'" <cisco-voip at puck.nether.net>
>Subject: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID: <10e901d0c349$478127e0$d68377a0$@gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>I want to do some system wide speed dials in CUCM.
>
> 
>
>*5XXX to call 8XXX3101.
>
> 
>
>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, but it doesn?t allow the post fixing of digits and still use the XXX, it needs to be the last digits.
>
> 
>
>I know I could do this in IOS, but I really want a CUCM only solution, without creating an individual TP for each XXX.
>
> 
>
>Thanks,
>
>-Nate
>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/0aac4b86/attachment-0001.html>
>
>------------------------------
>
>Message: 3
>Date: Mon, 20 Jul 2015 20:27:53 -0400
>From: Ryan Huff <ryanhuff at outlook.com>
>To: nateccie at gmail.com, cisco-voip at puck.nether.net
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID: <COL401-EAS2063BF7EA0D93B6C331DA28C5840 at phx.gbl>
>Content-Type: text/plain; charset="utf-8"
>
>Nate,
>
>I am not by my Linux machine (refuse to use winblows) to vet this but could you do:
>
>*5XXX with a CPTM of XXX3101 with a prefix of 8?
>
>Thanks,
>
>Ryan
>
>-------- Original Message --------
>From: NateCCIE <nateccie at gmail.com>
>Sent: Monday, July 20, 2015 08:08 PM
>To: 'Cisco VOIP' <cisco-voip at puck.nether.net>
>Subject: [cisco-voip] CUCM translation pattern postfix digits
>
>>I want to do some system wide speed dials in CUCM.
>>
>> 
>>
>>*5XXX to call 8XXX3101.
>>
>> 
>>
>>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, but it doesn?t allow the post fixing of digits and still use the XXX, it needs to be the last digits.
>>
>> 
>>
>>I know I could do this in IOS, but I really want a CUCM only solution, without creating an individual TP for each XXX.
>>
>> 
>>
>>Thanks,
>>
>>-Nate
>>
>>
>>_______________________________________________
>>cisco-voip mailing list
>>cisco-voip at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-voip
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/f26b7855/attachment-0001.html>
>
>------------------------------
>
>Message: 4
>Date: 20 Jul 2015 17:33:51 -0700
>From: Ryan Huff <ryanhuff at outlook.com>
>To: nateccie at gmail.com, cisco-voip at puck.nether.net
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID: <COL401-EAS5017DC5EFA7D086D50053EC5840 at phx.gbl>
>Content-Type: text/plain; charset="utf-8"
>
>So rather than use a translation pattern, you would use a route pattern. 
>
>Set up an h.323 gateway with a cucm call processing node as the ip address of the gateway and add that into your route group/route list/route pattern. 
>
>That should work in theory.
>
>Thanks,
>
>Ryan
>
>-------- Original Message --------
>From: Ryan Huff <ryanhuff at outlook.com>
>Sent: Monday, July 20, 2015 08:27 PM
>To: nateccie at gmail.com,cisco-voip at puck.nether.net
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>
>>Nate,
>>
>>I am not by my Linux machine (refuse to use winblows) to vet this but could you do:
>>
>>*5XXX with a CPTM of XXX3101 with a prefix of 8?
>>
>>Thanks,
>>
>>Ryan
>>
>>-------- Original Message --------
>>From: NateCCIE <nateccie at gmail.com>
>>Sent: Monday, July 20, 2015 08:08 PM
>>To: 'Cisco VOIP' <cisco-voip at puck.nether.net>
>>Subject: [cisco-voip] CUCM translation pattern postfix digits
>>
>>>I want to do some system wide speed dials in CUCM.
>>>
>>> 
>>>
>>>*5XXX to call 8XXX3101.
>>>
>>> 
>>>
>>>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, but it doesn?t allow the post fixing of digits and still use the XXX, it needs to be the last digits.
>>>
>>> 
>>>
>>>I know I could do this in IOS, but I really want a CUCM only solution, without creating an individual TP for each XXX.
>>>
>>> 
>>>
>>>Thanks,
>>>
>>>-Nate
>>>
>>>
>>>_______________________________________________
>>>cisco-voip mailing list
>>>cisco-voip at puck.nether.net
>>>https://puck.nether.net/mailman/listinfo/cisco-voip
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/ade67e53/attachment-0001.html>
>
>------------------------------
>
>Message: 5
>Date: Mon, 20 Jul 2015 18:39:15 -0600
>From: NateCCIE <nateccie at gmail.com>
>To: Ryan Huff <ryanhuff at outlook.com>
>Cc: "cisco-voip at puck.nether.net" <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID: <FF336189-5408-4D9D-8093-12F8B6D476C9 at gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>Called party transformation mask seem to match the XXX to the last digits. 
>
>So with a pattern of XXX the XXX can only be in the last 3 digits of the mask   , DNA shows ? And won't route the call if you have Xs to early in the pattern. 
>
>Sent from my iPhone
>+1 801 718 2308
>
>> On Jul 20, 2015, at 6:27 PM, Ryan Huff <ryanhuff at outlook.com> wrote:
>> 
>> Nate,
>> 
>> I am not by my Linux machine (refuse to use winblows) to vet this but could you do:
>> 
>> *5XXX with a CPTM of XXX3101 with a prefix of 8?
>> 
>> Thanks,
>> 
>> Ryan
>> 
>> 
>> 
>> -------- Original Message --------
>> From: NateCCIE <nateccie at gmail.com>
>> Sent: Monday, July 20, 2015 08:08 PM
>> To: 'Cisco VOIP' <cisco-voip at puck.nether.net>
>> Subject: [cisco-voip] CUCM translation pattern postfix digits
>> 
>> I want to do some system wide speed dials in CUCM.
>> 
>>  
>> 
>> *5XXX to call 8XXX3101.
>> 
>>  
>> 
>> I tried Called Party Transform Mask on the translation pattern of 8XXX3101, but it doesn?t allow the post fixing of digits and still use the XXX, it needs to be the last digits.
>> 
>>  
>> 
>> I know I could do this in IOS, but I really want a CUCM only solution, without creating an individual TP for each XXX.
>> 
>>  
>> 
>> Thanks,
>> 
>> -Nate
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/dad2f6c4/attachment-0001.html>
>
>------------------------------
>
>Message: 6
>Date: 20 Jul 2015 18:13:07 -0700
>From: Ryan Huff <ryanhuff at outlook.com>
>To: nateccie at gmail.com
>Cc: cisco-voip at puck.nether.net
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID: <COL401-EAS12644E74F0B1A13D2AC87A7C5840 at phx.gbl>
>Content-Type: text/plain; charset="utf-8"
>
>Xlate : *5XXX (CPTM: 8XXX)
>
>Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to h.323 gateway that uses a ccm call processing node as the ip address of the gateway.
>
>It could be the IPA talking but that sounds like it should work?
>
>Thanks,
>
>Ryan
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/4329883e/attachment-0001.html>
>
>------------------------------
>
>Message: 7
>Date: Mon, 20 Jul 2015 21:22:50 -0400 (EDT)
>From: Lelio Fulgenzi <lelio at uoguelph.ca>
>To: Ryan Huff <ryanhuff at outlook.com>, nateccie at gmail.com
>Cc: cisco-voip at puck.nether.net
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID:
>	<1237215267.627291.1437441770347.JavaMail.zimbra at uoguelph.ca>
>Content-Type: text/plain; charset="utf-8"
>
>In v9, translation pattern does not accept X as valid character for prefix field. :( 
>
>Since the purposes are similar, I'm guessing route patterns wouldn't allow it either. 
>
>This is a good one. 
>
>--- 
>Lelio Fulgenzi, B.A. 
>Senior Analyst, Network Infrastructure 
>Computing and Communications Services (CCS) 
>University of Guelph 
>
>519?824?4120 Ext 56354 
>lelio at uoguelph.ca 
>www.uoguelph.ca/ccs 
>Room 037, Animal Science and Nutrition Building 
>Guelph, Ontario, N1G 2W1 
>
>----- Original Message -----
>
>From: "Ryan Huff" <ryanhuff at outlook.com> 
>To: nateccie at gmail.com 
>Cc: cisco-voip at puck.nether.net 
>Sent: Monday, 20 July, 2015 9:13:07 PM 
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits 
>
>
>
>Xlate : *5XXX (CPTM: 8XXX) 
>
>Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to h.323 gateway that uses a ccm call processing node as the ip address of the gateway. 
>
>It could be the IPA talking but that sounds like it should work? 
>
>Thanks, 
>
>Ryan 
>
>-------- Original Message -------- 
>From: NateCCIE <nateccie at gmail.com> 
>Sent: Monday, July 20, 2015 08:39 PM 
>To: Ryan Huff <ryanhuff at outlook.com> 
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits 
>CC: cisco-voip at puck.nether.net 
>
>Called party transformation mask seem to match the XXX to the last digits. 
>
>So with a pattern of XXX the XXX can only be in the last 3 digits of the mask , DNA shows ? And won't route the call if you have Xs to early in the pattern. 
>
>Sent from my iPhone 
>+1 801 718 2308 
>
>On Jul 20, 2015, at 6:27 PM, Ryan Huff < ryanhuff at outlook.com > wrote: 
>
>
>
>
>
>
>Nate, 
>
>I am not by my Linux machine (refuse to use winblows) to vet this but could you do: 
>
>*5XXX with a CPTM of XXX3101 with a prefix of 8? 
>
>Thanks, 
>
>Ryan 
>
>-------- Original Message -------- 
>From: NateCCIE < nateccie at gmail.com > 
>Sent: Monday, July 20, 2015 08:08 PM 
>To: 'Cisco VOIP' < cisco-voip at puck.nether.net > 
>Subject: [cisco-voip] CUCM translation pattern postfix digits 
>
>
>
>I want to do some system wide speed dials in CUCM. 
>
>
>
>*5XXX to call 8XXX3101. 
>
>
>
>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, but it doesn?t allow the post fixing of digits and still use the XXX, it needs to be the last digits. 
>
>
>
>I know I could do this in IOS, but I really want a CUCM only solution, without creating an individual TP for each XXX. 
>
>
>
>Thanks, 
>
>-Nate 
>
>
>
>_______________________________________________ 
>cisco-voip mailing list 
>cisco-voip at puck.nether.net 
>https://puck.nether.net/mailman/listinfo/cisco-voip 
>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/ba055014/attachment-0001.html>
>
>------------------------------
>
>Message: 8
>Date: Mon, 20 Jul 2015 21:29:43 -0400
>From: Ryan Huff <ryanhuff at outlook.com>
>To: lelio at uoguelph.ca, nateccie at gmail.com
>Cc: cisco-voip at puck.nether.net
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID: <COL401-EAS665D6F2E7906BF1986747FC5840 at phx.gbl>
>Content-Type: text/plain; charset="utf-8"
>
>Well Lelio, that is what you get for trying to do digit manipulation on a napkin in between wings! Lol
>
>Thanks,
>
>Ryan
>
>-------- Original Message --------
>From: Lelio Fulgenzi <lelio at uoguelph.ca>
>Sent: Monday, July 20, 2015 09:22 PM
>To: Ryan Huff <ryanhuff at outlook.com>,nateccie at gmail.com
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>CC: cisco-voip at puck.nether.net
>
>>In v9, translation pattern does not accept X as valid character for prefix field. :( 
>>
>>Since the purposes are similar, I'm guessing route patterns wouldn't allow it either. 
>>
>>This is a good one. 
>>
>>--- 
>>Lelio Fulgenzi, B.A. 
>>Senior Analyst, Network Infrastructure 
>>Computing and Communications Services (CCS) 
>>University of Guelph 
>>
>>519?824?4120 Ext 56354 
>>lelio at uoguelph.ca 
>>www.uoguelph.ca/ccs 
>>Room 037, Animal Science and Nutrition Building 
>>Guelph, Ontario, N1G 2W1 
>>
>>----- Original Message -----
>>
>>From: "Ryan Huff" <ryanhuff at outlook.com> 
>>To: nateccie at gmail.com 
>>Cc: cisco-voip at puck.nether.net 
>>Sent: Monday, 20 July, 2015 9:13:07 PM 
>>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits 
>>
>>
>>
>>Xlate : *5XXX (CPTM: 8XXX) 
>>
>>Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to h.323 gateway that uses a ccm call processing node as the ip address of the gateway. 
>>
>>It could be the IPA talking but that sounds like it should work? 
>>
>>Thanks, 
>>
>>Ryan 
>>
>>-------- Original Message -------- 
>>From: NateCCIE <nateccie at gmail.com> 
>>Sent: Monday, July 20, 2015 08:39 PM 
>>To: Ryan Huff <ryanhuff at outlook.com> 
>>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits 
>>CC: cisco-voip at puck.nether.net 
>>
>>Called party transformation mask seem to match the XXX to the last digits. 
>>
>>So with a pattern of XXX the XXX can only be in the last 3 digits of the mask , DNA shows ? And won't route the call if you have Xs to early in the pattern. 
>>
>>Sent from my iPhone 
>>+1 801 718 2308 
>>
>>On Jul 20, 2015, at 6:27 PM, Ryan Huff < ryanhuff at outlook.com > wrote: 
>>
>>
>>
>>
>>
>>
>>Nate, 
>>
>>I am not by my Linux machine (refuse to use winblows) to vet this but could you do: 
>>
>>*5XXX with a CPTM of XXX3101 with a prefix of 8? 
>>
>>Thanks, 
>>
>>Ryan 
>>
>>-------- Original Message -------- 
>>From: NateCCIE < nateccie at gmail.com > 
>>Sent: Monday, July 20, 2015 08:08 PM 
>>To: 'Cisco VOIP' < cisco-voip at puck.nether.net > 
>>Subject: [cisco-voip] CUCM translation pattern postfix digits 
>>
>>
>>
>>I want to do some system wide speed dials in CUCM. 
>>
>>
>>
>>*5XXX to call 8XXX3101. 
>>
>>
>>
>>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, but it doesn?t allow the post fixing of digits and still use the XXX, it needs to be the last digits. 
>>
>>
>>
>>I know I could do this in IOS, but I really want a CUCM only solution, without creating an individual TP for each XXX. 
>>
>>
>>
>>Thanks, 
>>
>>-Nate 
>>
>>
>>
>>_______________________________________________ 
>>cisco-voip mailing list 
>>cisco-voip at puck.nether.net 
>>https://puck.nether.net/mailman/listinfo/cisco-voip 
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/e8a401a0/attachment-0001.html>
>
>------------------------------
>
>Message: 9
>Date: Mon, 20 Jul 2015 22:24:33 -0400
>From: Dave Goodwin <dave.goodwin at december.net>
>To: Ryan Huff <ryanhuff at outlook.com>
>Cc: lelio at uoguelph.ca, nateccie at gmail.com,
>	"cisco-voip at puck.nether.net" <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>Message-ID:
>	<CAMmXPv4g3vMFcq=huH9mwe8MBaV0pnOYdBLpPCkdZ-v_e2Vu1w at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>I tried creating a dummy CTIRP with a DN of *5XXX and set it to CFA to
>8XXX3101. That appears to be configurable (I did it on a test 10.5 box),
>and when I check DNA it seems to indicate the correct pattern for the CFA.
>However, when I did a quick test dialing out to *5123, I didn't get it to
>ring 81233101. Unfortunately I don't have any more time at the moment to
>try digging through the trace to see if I can see why it didn't work, but I
>at least thought I would share that this strange way of doing it at least
>gives you the appearance it could work. :-\
>
>On Mon, Jul 20, 2015 at 9:29 PM, Ryan Huff <ryanhuff at outlook.com> wrote:
>
>> Well Lelio, that is what you get for trying to do digit manipulation on a
>> napkin in between wings! Lol
>>
>> Thanks,
>>
>> Ryan
>>
>>
>> -------- Original Message --------
>> From: Lelio Fulgenzi <lelio at uoguelph.ca>
>> Sent: Monday, July 20, 2015 09:22 PM
>> To: Ryan Huff <ryanhuff at outlook.com>,nateccie at gmail.com
>> Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>> CC: cisco-voip at puck.nether.net
>>
>> In v9, translation pattern does not accept X as valid character for prefix
>> field. :(
>>
>> Since the purposes are similar, I'm guessing route patterns wouldn't allow
>> it either.
>>
>> This is a good one.
>>
>> ---
>> Lelio Fulgenzi, B.A.
>> Senior Analyst, Network Infrastructure
>> Computing and Communications Services (CCS)
>> University of Guelph
>>
>> 519?824?4120 Ext 56354
>> lelio at uoguelph.ca
>> www.uoguelph.ca/ccs
>> Room 037, Animal Science and Nutrition Building
>> Guelph, Ontario, N1G 2W1
>>
>> ------------------------------
>> *From: *"Ryan Huff" <ryanhuff at outlook.com>
>> *To: *nateccie at gmail.com
>> *Cc: *cisco-voip at puck.nether.net
>> *Sent: *Monday, 20 July, 2015 9:13:07 PM
>> *Subject: *Re: [cisco-voip] CUCM translation pattern postfix digits
>>
>> Xlate : *5XXX (CPTM: 8XXX)
>>
>> Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to
>> h.323 gateway that uses a ccm call processing node as the ip address of the
>> gateway.
>>
>> It could be the IPA talking but that sounds like it should work?
>>
>> Thanks,
>>
>> Ryan
>>
>>
>> -------- Original Message --------
>> From: NateCCIE <nateccie at gmail.com>
>> Sent: Monday, July 20, 2015 08:39 PM
>> To: Ryan Huff <ryanhuff at outlook.com>
>> Subject: Re: [cisco-voip] CUCM translation pattern postfix digits
>> CC: cisco-voip at puck.nether.net
>>
>> Called party transformation mask seem to match the XXX to the last digits.
>>
>> So with a pattern of XXX the XXX can only be in the last 3 digits of the
>> mask   , DNA shows ? And won't route the call if you have Xs to early in
>> the pattern.
>>
>> Sent from my iPhone
>> +1 801 718 2308
>>
>> On Jul 20, 2015, at 6:27 PM, Ryan Huff <ryanhuff at outlook.com> wrote:
>>
>> Nate,
>>
>> I am not by my Linux machine (refuse to use winblows) to vet this but
>> could you do:
>>
>> *5XXX with a CPTM of XXX3101 with a prefix of 8?
>>
>> Thanks,
>>
>> Ryan
>>
>>
>> -------- Original Message --------
>> From: NateCCIE <nateccie at gmail.com>
>> Sent: Monday, July 20, 2015 08:08 PM
>> To: 'Cisco VOIP' <cisco-voip at puck.nether.net>
>> Subject: [cisco-voip] CUCM translation pattern postfix digits
>>
>> I want to do some system wide speed dials in CUCM.
>>
>>
>>
>> *5XXX to call 8XXX3101.
>>
>>
>>
>> I tried Called Party Transform Mask on the translation pattern of
>> 8XXX3101, but it doesn?t allow the post fixing of digits and still use the
>> XXX, it needs to be the last digits.
>>
>>
>>
>> I know I could do this in IOS, but I really want a CUCM only solution,
>> without creating an individual TP for each XXX.
>>
>>
>>
>> Thanks,
>>
>> -Nate
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/a6ad4408/attachment-0001.html>
>
>------------------------------
>
>Message: 10
>Date: Tue, 21 Jul 2015 05:48:45 +0000
>From: Anthony Holloway <avholloway+cisco-voip at gmail.com>
>To: Charles Goldsmith <wokka at justfamily.org>, Ian Anderson
>	<ia at andersoi.co.uk>
>Cc: Cisco VOIP <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] Digicert Wildcard certificates
>Message-ID:
>	<CACRCJOjK9H3OueM-O_92x=TB0YPbhERFhSn3xVdNLiWergV07A at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>That's great to hear about digicert. I just went through a rough time with
>Comodo trying to get multiserver certs and my CNAMEs in the SAN field. How
>many SAN entries does digicert limit you to and at what price per year?
>
>On Mon, Jul 20, 2015 at 11:19 AM Charles Goldsmith <wokka at justfamily.org>
>wrote:
>
>> One thing of note, Digicert works very well with all of our UC apps with
>> their UC certificate.  Add all of your server names as SAN's, as well as
>> the domain name, and just duplicate the certificate for each app, changing
>> the CN.  It works well and also Digicert has great support.
>>
>> On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <ia at andersoi.co.uk> wrote:
>>
>>> Hi Nate,
>>>
>>> I think that the concern of using wildcards generaly comes from the
>>> security and compliance folks in that if the private key of any of the
>>> servers was to be compromised then the resulting public and private keys
>>> could be used to impersonate any subdomain, e.g e-payments.domain.com..
>>>
>>> That said, as long as the customer is aware of the risk then the digicert
>>> is a fantastic option, although a lot of these issues go away in 10.5.
>>>
>>> The only app I've had it completely throw a wobble on so far is UCCX 9.0
>>> as this was checking the CN on certificate upload and didn't like * even
>>> though the server name as in the SAN.
>>>
>>> Cheers
>>>
>>> Ian
>>>
>>> On 16 July 2015 at 02:35, NateCCIE <nateccie at gmail.com> wrote:
>>>
>>>> Most of the time wildcard certs mean you have a CSR and a private key
>>>> generated by something, and then you upload the private key and the public
>>>> key to lots of servers.  The application would need to be able to upload a
>>>> private key and not require its own CSR.
>>>>
>>>> Cucm, unity cxn, uccx, do not support uploading a private key.
>>>>
>>>> Expressway, I think conductor do allow you to upload a private key.
>>>>
>>>> But what makes digicert really cool is you can buy the wildcard cert,
>>>> then you keep reissuing a new certificate from that one purchase.
>>>>
>>>> You can do this from what I understand an unlimited times.
>>>>
>>>> There may be other CAs that do this.  I saw one the seemed like it was
>>>> going to work, but since the CSR did not include the * as a SAN, they would
>>>> not issue the cert.
>>>>
>>>> Digicert with the Willard includes the *.domain.com and domain.com SANs
>>>> automatically, and you can specify about 15 other SANs for each CSR/cert.
>>>>
>>>> So cucm and the other apps are happy because the cert was generated
>>>> using its own CSR.
>>>>
>>>> Using these certs, I had one TAC case where cucm balked at the cert, but
>>>> I could upload the cluster wide tomcat SAN cert via im&p. This turned out
>>>> to be a problem with the domain casing not matching between all of the
>>>> servers and the cert. always use domain.com and not DOMain.com and life
>>>> is happy.
>>>>
>>>> I am not affiliated with digicert other than they are here in Utah also.
>>>> It just makes life really easy to tell the customer to buy this one cert
>>>> and O I can make all of the Cisco UC/jabber cert errors go away!
>>>>
>>>> Ps. Has anyone figured out what to do with conductor wanting IP address
>>>> in the SAN?
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Jul 15, 2015, at 10:42 AM, Anthony Holloway <
>>>> avholloway+cisco-voip at gmail.com> wrote:
>>>>
>>>> I'm a little confused here.  According to this article:
>>>> http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard,
>>>> and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/,
>>>> wild card certs are not supported.  Are we talking about the same thing
>>>> here?
>>>>
>>>> On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen <
>>>> PedersenE at bennettjones.com> wrote:
>>>>
>>>>>  Digicert lets you put your domain and subdomains of any level as
>>>>> SANs. It?s great! They even generated a duplicate certificate for me with a
>>>>> different root CA that was supported with WebEx enabled Telepresence. We
>>>>> use their wildcard certificates on all of our UC servers.
>>>>>
>>>>>
>>>>>
>>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>>>>> Behalf Of *Heim, Dennis
>>>>> *Sent:* 15 July 2015 8:28 AM
>>>>> *To:* Ian Anderson; NateCCIE; Cisco VOIP
>>>>>
>>>>>
>>>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>>>>>
>>>>>
>>>>>
>>>>> I?ve found the hardest thing to find a cert providers that likes
>>>>> putting the domain as a san such as DNS=mycollab.com. Has anyone found any
>>>>> providers that are kosher with that? From one of the Cisco Live sessions, I
>>>>> was told this is needed for service discovery to function properly.
>>>>>
>>>>>
>>>>>
>>>>> *Dennis Heim | Emerging Technology Architect (Collaboration)*
>>>>>
>>>>> World Wide Technology, Inc. | +1 314-212-1814
>>>>>
>>>>> [image: twitter] <https://twitter.com/CollabSensei>
>>>>>
>>>>> <image002.png><image003.png> <+13142121814><image004.png>
>>>>>
>>>>> ?There is a fine line between Wrong and Visionary. Unfortunately, you
>>>>> have to be a visionary to see it." ? Sheldon Cooper
>>>>>
>>>>>
>>>>>
>>>>> Click here to join me in my Collaboration Meeting Room
>>>>> <https://wwt.webex.com/meet/dennis.heim>
>>>>>
>>>>>
>>>>>
>>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net
>>>>> <cisco-voip-bounces at puck.nether.net>] *On Behalf Of *Ian Anderson
>>>>>
>>>>>
>>>>> *Sent:* Wednesday, July 15, 2015 10:18 AM
>>>>> *To:* NateCCIE; Cisco VOIP
>>>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 15 July 2015 at 15:02, NateCCIE <nateccie at gmail.com> wrote:
>>>>>
>>>>>  Did you put all of your SANs in the digicert page?
>>>>>
>>>>> z
>>>>>
>>>>> I have this working on all of my expressway installs.
>>>>>
>>>>>  Hi Nate,
>>>>>
>>>>>
>>>>>
>>>>> Thanks for the quick response, just for preservation in the archives
>>>>> for future posterity and confirmation that digicert seems fine despite the
>>>>> warnings in the manuals, it seemed I was running into 2 separate issues.
>>>>>
>>>>>
>>>>>
>>>>> 1) I had uploaded the intermediate cert, but needed to manually
>>>>> download and upload the root CA
>>>>>
>>>>> 2) That then got me past the TLS error, only to find that I had
>>>>> fat-fingered the hostname in the SAN field :-(
>>>>>
>>>>>
>>>>>
>>>>> Cheers
>>>>>
>>>>>
>>>>>
>>>>> Ian
>>>>>
>>>>>
>>>>> The contents of this message may contain confidential and/or privileged
>>>>> subject matter. If this message has been received in error, please contact
>>>>> the sender and delete all copies. Like other forms of communication, e-mail
>>>>> communications may be vulnerable to interception by unauthorized parties.
>>>>> If you do not wish us to communicate with you by e-mail, please notify us
>>>>> at your earliest convenience. In the absence of such notification, your
>>>>> consent is assumed. Should you choose to allow us to communicate by e-mail,
>>>>> we will not take any additional security measures (such as encryption)
>>>>> unless specifically requested.
>>>>>
>>>>> If you no longer wish to receive commercial messages, you can
>>>>> unsubscribe by accessing this link:
>>>>> http://www.bennettjones.com/unsubscribe
>>>>> _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/0c12cef0/attachment-0001.html>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: image001.png
>Type: image/png
>Size: 3876 bytes
>Desc: not available
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/0c12cef0/attachment-0001.png>
>
>------------------------------
>
>Message: 11
>Date: Tue, 21 Jul 2015 08:06:27 +0000
>From: Lisa Notarianni <lisa.notarianni at scranton.edu>
>To: "cisco-voip at puck.nether.net" <cisco-voip at puck.nether.net>
>Subject: [cisco-voip] Greeting notification?
>Message-ID: <1045C29D-2C8D-4229-AB2C-EA2DCE597A3B at scranton.edu>
>Content-Type: text/plain; charset="us-ascii"
>
>In Unity Connection 10.5 is there any way to be notified if a greeting changes?
>
>I need to email the wav file of greetings for groups traveling abroad on service trips each time their greetings change. It would be helpful to know when they change.
>
>It needs to be a greeting because parents will also call in to hear the status update as they progress on their trips.
>
>Any ideas out there?
>
>Thanks,
>
>Lisa Notarianni
>Manager of Business and Telecom Services
>The University of Scranton
>
>
>
>
>
>------------------------------
>
>Message: 12
>Date: Tue, 21 Jul 2015 06:19:43 -0400 (EDT)
>From: Lelio Fulgenzi <lelio at uoguelph.ca>
>To: Lisa Notarianni <lisa.notarianni at scranton.edu>
>Cc: "cisco-voip at puck.nether.net" <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] Greeting notification?
>Message-ID: <A42D5F3A-0F95-4055-9701-0170E93D87BD at uoguelph.ca>
>Content-Type: text/plain;	charset=us-ascii
>
>I believe there are a few unity connection tools that log (port) activity. You could (possibly) use an app that monitors the file for specific lines of text and then proceed from there. 
>
>Alternatively, (and much easier) if timing is not a factor, you could ask them to leave a message on a special mailbox. From there, trigger an email that sends the email message. Then, go and save the message as their greeting using media master bar utilities.
>
>
>
>Sent from my iPhone
>
>> On Jul 21, 2015, at 4:07 AM, Lisa Notarianni <lisa.notarianni at scranton.edu> wrote:
>> 
>> In Unity Connection 10.5 is there any way to be notified if a greeting changes?
>> 
>> I need to email the wav file of greetings for groups traveling abroad on service trips each time their greetings change. It would be helpful to know when they change.
>> 
>> It needs to be a greeting because parents will also call in to hear the status update as they progress on their trips.
>> 
>> Any ideas out there?
>> 
>> Thanks,
>> 
>> Lisa Notarianni
>> Manager of Business and Telecom Services
>> The University of Scranton
>> 
>> 
>> 
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>------------------------------
>
>Message: 13
>Date: Tue, 21 Jul 2015 06:16:23 -0600
>From: "NateCCIE" <nateccie at gmail.com>
>To: "'Anthony Holloway'" <avholloway+cisco-voip at gmail.com>, "'Charles
>	Goldsmith'" <wokka at justfamily.org>, "'Ian Anderson'"
>	<ia at andersoi.co.uk>
>Cc: "'Cisco VOIP'" <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] Digicert Wildcard certificates
>Message-ID: <004601d0c3af$1039c920$30ad5b60$@gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>I think it?s 15 SANS plus *.domain.com and domain.com
>
> 
>
>Pricing is at https://www.digicert.com/wildcard-ssl-certificates.htm
>
> 
>
> 
>
>From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Anthony Holloway
>Sent: Monday, July 20, 2015 11:49 PM
>To: Charles Goldsmith; Ian Anderson
>Cc: Cisco VOIP
>Subject: Re: [cisco-voip] Digicert Wildcard certificates
>
> 
>
>That's great to hear about digicert. I just went through a rough time with Comodo trying to get multiserver certs and my CNAMEs in the SAN field. How many SAN entries does digicert limit you to and at what price per year?
>
> 
>
>On Mon, Jul 20, 2015 at 11:19 AM Charles Goldsmith <wokka at justfamily.org <mailto:wokka at justfamily.org> > wrote:
>
>One thing of note, Digicert works very well with all of our UC apps with their UC certificate.  Add all of your server names as SAN's, as well as the domain name, and just duplicate the certificate for each app, changing the CN.  It works well and also Digicert has great support.
>
> 
>
>On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <ia at andersoi.co.uk <mailto:ia at andersoi.co.uk> > wrote:
>
>Hi Nate,
>
> 
>
>I think that the concern of using wildcards generaly comes from the security and compliance folks in that if the private key of any of the servers was to be compromised then the resulting public and private keys could be used to impersonate any subdomain, e.g e-payments.domain.com <http://e-payments.domain.com> ..
>
> 
>
>That said, as long as the customer is aware of the risk then the digicert is a fantastic option, although a lot of these issues go away in 10.5.
>
> 
>
>The only app I've had it completely throw a wobble on so far is UCCX 9.0 as this was checking the CN on certificate upload and didn't like * even though the server name as in the SAN.
>
> 
>
>Cheers
>
> 
>
>Ian
>
> 
>
>On 16 July 2015 at 02:35, NateCCIE <nateccie at gmail.com <mailto:nateccie at gmail.com> > wrote:
>
>Most of the time wildcard certs mean you have a CSR and a private key generated by something, and then you upload the private key and the public key to lots of servers.  The application would need to be able to upload a private key and not require its own CSR. 
>
> 
>
>Cucm, unity cxn, uccx, do not support uploading a private key. 
>
> 
>
>Expressway, I think conductor do allow you to upload a private key. 
>
> 
>
>But what makes digicert really cool is you can buy the wildcard cert, then you keep reissuing a new certificate from that one purchase.
>
> 
>
>You can do this from what I understand an unlimited times.
>
> 
>
>There may be other CAs that do this.  I saw one the seemed like it was going to work, but since the CSR did not include the * as a SAN, they would not issue the cert.
>
> 
>
>Digicert with the Willard includes the *.domain.com <http://domain.com>  and domain.com <http://domain.com>  SANs automatically, and you can specify about 15 other SANs for each CSR/cert.
>
> 
>
>So cucm and the other apps are happy because the cert was generated using its own CSR.
>
> 
>
>Using these certs, I had one TAC case where cucm balked at the cert, but I could upload the cluster wide tomcat SAN cert via im&p. This turned out to be a problem with the domain casing not matching between all of the servers and the cert. always use domain.com <http://domain.com>  and not DOMain.com <http://DOMain.com>  and life is happy. 
>
> 
>
>I am not affiliated with digicert other than they are here in Utah also. It just makes life really easy to tell the customer to buy this one cert and O I can make all of the Cisco UC/jabber cert errors go away!
>
> 
>
>Ps. Has anyone figured out what to do with conductor wanting IP address in the SAN?
>
>Sent from my iPhone
>
>
>On Jul 15, 2015, at 10:42 AM, Anthony Holloway <avholloway+cisco-voip at gmail.com <mailto:avholloway+cisco-voip at gmail.com> > wrote:
>
>I'm a little confused here.  According to this article: http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard, and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/, wild card certs are not supported.  Are we talking about the same thing here?
>
> 
>
>On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen <PedersenE at bennettjones.com <mailto:PedersenE at bennettjones.com> > wrote:
>
>Digicert lets you put your domain and subdomains of any level as SANs. It?s great! They even generated a duplicate certificate for me with a different root CA that was supported with WebEx enabled Telepresence. We use their wildcard certificates on all of our UC servers.
>
> 
>
>From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net <mailto:cisco-voip-bounces at puck.nether.net> ] On Behalf Of Heim, Dennis
>Sent: 15 July 2015 8:28 AM
>To: Ian Anderson; NateCCIE; Cisco VOIP
>
>
>Subject: Re: [cisco-voip] Digicert Wildcard certificates
>
> 
>
>I?ve found the hardest thing to find a cert providers that likes putting the domain as a san such as DNS=mycollab.com. Has anyone found any providers that are kosher with that? From one of the Cisco Live sessions, I was told this is needed for service discovery to function properly.
>
> 
>
>Dennis Heim | Emerging Technology Architect (Collaboration)
>
>World Wide Technology, Inc. | +1 314-212-1814 <tel:%2B1%20314-212-1814> 
>
> <https://twitter.com/CollabSensei> 
>
><image002.png> <tel:+13142121814> <image003.png><image004.png>
>
>?There is a fine line between Wrong and Visionary. Unfortunately, you have to be a visionary to see it." ? Sheldon Cooper
>
> 
>
> <https://wwt.webex.com/meet/dennis.heim> Click here to join me in my Collaboration Meeting Room
>
> 
>
>From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ian Anderson
>
>
>Sent: Wednesday, July 15, 2015 10:18 AM
>To: NateCCIE; Cisco VOIP
>Subject: Re: [cisco-voip] Digicert Wildcard certificates
>
> 
>
> 
>
>On 15 July 2015 at 15:02, NateCCIE <nateccie at gmail.com <mailto:nateccie at gmail.com> > wrote:
>
>Did you put all of your SANs in the digicert page?
>
>z
>
>I have this working on all of my expressway installs. 
>
>Hi Nate, 
>
> 
>
>Thanks for the quick response, just for preservation in the archives for future posterity and confirmation that digicert seems fine despite the warnings in the manuals, it seemed I was running into 2 separate issues.
>
> 
>
>1) I had uploaded the intermediate cert, but needed to manually download and upload the root CA
>
>2) That then got me past the TLS error, only to find that I had fat-fingered the hostname in the SAN field :-(
>
> 
>
>Cheers
>
> 
>
>Ian 
>
>
>
>The contents of this message may contain confidential and/or privileged subject matter. If this message has been received in error, please contact the sender and delete all copies. Like other forms of communication, e-mail communications may be vulnerable to interception by unauthorized parties. If you do not wish us to communicate with you by e-mail, please notify us at your earliest convenience. In the absence of such notification, your consent is assumed. Should you choose to allow us to communicate by e-mail, we will not take any additional security measures (such as encryption) unless specifically requested. 
>
>If you no longer wish to receive commercial messages, you can unsubscribe by accessing this link: http://www.bennettjones.com/unsubscribe 
>
>_______________________________________________
>cisco-voip mailing list
>cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net> 
>https://puck.nether.net/mailman/listinfo/cisco-voip
>
> 
>
>
>_______________________________________________
>cisco-voip mailing list
>cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net> 
>https://puck.nether.net/mailman/listinfo/cisco-voip
>
> 
>
>_______________________________________________
>cisco-voip mailing list
>cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net> 
>https://puck.nether.net/mailman/listinfo/cisco-voip
>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/269034c5/attachment-0001.html>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: image001.png
>Type: image/png
>Size: 3876 bytes
>Desc: not available
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/269034c5/attachment-0001.png>
>
>------------------------------
>
>Message: 14
>Date: Tue, 21 Jul 2015 10:27:37 -0400
>From: AbdusSaboor Khan <saboor.khan at gmail.com>
>To: Cisco VoIP List <cisco-voip at puck.nether.net>
>Subject: [cisco-voip] How to send call to 10 digit in ICM Scripting
>Message-ID:
>	<CAPfAR6_HxiZcyXF50NmWkyKy3x0G2MEkMx6evLc=728Qn6eBOA at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>Hi,
>
>Can someone guide me how to send call to to 10 Digits in ICM scripting, as
>sending to some digits label is working fine and then we need to call
>forward on that extension in Call manager. Here is the scenario,
>
>Our Script is like press 1 to an agent
>
>press 2 for field agent (need to forward that call to that agent who is not
>login into CAD)
>
>Regards,
>
>Abdul
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/d6adef30/attachment-0001.html>
>
>------------------------------
>
>Message: 15
>Date: Tue, 21 Jul 2015 10:40:39 -0400
>From: Brian Meade <bmeade90 at vt.edu>
>To: AbdusSaboor Khan <saboor.khan at gmail.com>
>Cc: Cisco VoIP List <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] How to send call to 10 digit in ICM
>	Scripting
>Message-ID:
>	<CAGcuYh0dFFOGnZGYVJoNZEdtmc6NW58n19FnaDrwc5wJTPfAOw at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>Abdul,
>
>Usually you'll want to use the Call Redirect step for something like this.
>
>Brian
>
>On Tue, Jul 21, 2015 at 10:27 AM, AbdusSaboor Khan <saboor.khan at gmail.com>
>wrote:
>
>> Hi,
>>
>> Can someone guide me how to send call to to 10 Digits in ICM scripting, as
>> sending to some digits label is working fine and then we need to call
>> forward on that extension in Call manager. Here is the scenario,
>>
>> Our Script is like press 1 to an agent
>>
>> press 2 for field agent (need to forward that call to that agent who is
>> not login into CAD)
>>
>> Regards,
>>
>> Abdul
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/bb890b83/attachment-0001.html>
>
>------------------------------
>
>Message: 16
>Date: Tue, 21 Jul 2015 10:50:07 -0400
>From: Brian Meade <bmeade90 at vt.edu>
>To: AbdusSaboor Khan <saboor.khan at gmail.com>
>Cc: Cisco VoIP List <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] How to send call to 10 digit in ICM
>	Scripting
>Message-ID:
>	<CAGcuYh0aG65d1ULkHPm6ZXYOyTjEwYAPipM3zdhw7N4yU2Mgng at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>Nevermind, didn't realize how different it was in ICM scripting.
>
>On Tue, Jul 21, 2015 at 10:40 AM, Brian Meade <bmeade90 at vt.edu> wrote:
>
>> Abdul,
>>
>> Usually you'll want to use the Call Redirect step for something like this.
>>
>> Brian
>>
>> On Tue, Jul 21, 2015 at 10:27 AM, AbdusSaboor Khan <saboor.khan at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Can someone guide me how to send call to to 10 Digits in ICM scripting,
>>> as sending to some digits label is working fine and then we need to call
>>> forward on that extension in Call manager. Here is the scenario,
>>>
>>> Our Script is like press 1 to an agent
>>>
>>> press 2 for field agent (need to forward that call to that agent who is
>>> not login into CAD)
>>>
>>> Regards,
>>>
>>> Abdul
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/391fea95/attachment-0001.html>
>
>------------------------------
>
>Message: 17
>Date: Tue, 21 Jul 2015 11:10:54 -0400
>From: chris <tknchris at gmail.com>
>To: cisco-voip at puck.nether.net
>Subject: [cisco-voip] Call abandonment
>Message-ID:
>	<CAKnNFz-dDUT-iutNKBzSS8Cv9PtzfofaJ2nCOd3THwjRSx9K9g at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>Anyone doing any call abandonment with cisco ? We were looking at
>chronicall but doesn't not support cisco. Our site has a small CME install
>with sip trunks so would prefer something sip based so we have flexibility
>going forward
>
>If anyone has any hands on experience or recommendations please do share on
>or off list
>
>Thanks
>Chris
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/974ec8af/attachment-0001.html>
>
>------------------------------
>
>Message: 18
>Date: Tue, 21 Jul 2015 11:24:29 -0400
>From: Justin Steinberg <jsteinberg at gmail.com>
>To: NateCCIE <nateccie at gmail.com>
>Cc: Anthony Holloway <avholloway+cisco-voip at gmail.com>,  Charles
>	Goldsmith <wokka at justfamily.org>, Ian Anderson <ia at andersoi.co.uk>,
>	Cisco VOIP <cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] Digicert Wildcard certificates
>Message-ID:
>	<CACCAghY4OU7DW_oOVHReSwWXMUY8iapM-4KMvKpxUSfy1+MHcw at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>While we are on the topic of certs, has anyone had issues with certain CAs
>not allowing top level domain as a SAN (e.g. cisco.com) ?
>
>GoDaddy would complain in the UI that you shouldn't have a top level domain
>as a SAN but would still sign the cert.   I'm having a problem know with
>Internet2/Incommon where it won't let me put a top level domain in the cert
>as a SAN.  It just won't take the CSR.
>
>Justin
>
>On Tue, Jul 21, 2015 at 8:16 AM, NateCCIE <nateccie at gmail.com> wrote:
>
>> I think it?s 15 SANS plus *.domain.com and domain.com
>>
>>
>>
>> Pricing is at https://www.digicert.com/wildcard-ssl-certificates.htm
>>
>>
>>
>>
>>
>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
>> Of *Anthony Holloway
>> *Sent:* Monday, July 20, 2015 11:49 PM
>> *To:* Charles Goldsmith; Ian Anderson
>> *Cc:* Cisco VOIP
>>
>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>>
>>
>>
>> That's great to hear about digicert. I just went through a rough time with
>> Comodo trying to get multiserver certs and my CNAMEs in the SAN field. How
>> many SAN entries does digicert limit you to and at what price per year?
>>
>>
>>
>> On Mon, Jul 20, 2015 at 11:19 AM Charles Goldsmith <wokka at justfamily.org>
>> wrote:
>>
>> One thing of note, Digicert works very well with all of our UC apps with
>> their UC certificate.  Add all of your server names as SAN's, as well as
>> the domain name, and just duplicate the certificate for each app, changing
>> the CN.  It works well and also Digicert has great support.
>>
>>
>>
>> On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <ia at andersoi.co.uk> wrote:
>>
>> Hi Nate,
>>
>>
>>
>> I think that the concern of using wildcards generaly comes from the
>> security and compliance folks in that if the private key of any of the
>> servers was to be compromised then the resulting public and private keys
>> could be used to impersonate any subdomain, e.g e-payments.domain.com..
>>
>>
>>
>> That said, as long as the customer is aware of the risk then the digicert
>> is a fantastic option, although a lot of these issues go away in 10.5.
>>
>>
>>
>> The only app I've had it completely throw a wobble on so far is UCCX 9.0
>> as this was checking the CN on certificate upload and didn't like * even
>> though the server name as in the SAN.
>>
>>
>>
>> Cheers
>>
>>
>>
>> Ian
>>
>>
>>
>> On 16 July 2015 at 02:35, NateCCIE <nateccie at gmail.com> wrote:
>>
>> Most of the time wildcard certs mean you have a CSR and a private key
>> generated by something, and then you upload the private key and the public
>> key to lots of servers.  The application would need to be able to upload a
>> private key and not require its own CSR.
>>
>>
>>
>> Cucm, unity cxn, uccx, do not support uploading a private key.
>>
>>
>>
>> Expressway, I think conductor do allow you to upload a private key.
>>
>>
>>
>> But what makes digicert really cool is you can buy the wildcard cert, then
>> you keep reissuing a new certificate from that one purchase.
>>
>>
>>
>> You can do this from what I understand an unlimited times.
>>
>>
>>
>> There may be other CAs that do this.  I saw one the seemed like it was
>> going to work, but since the CSR did not include the * as a SAN, they would
>> not issue the cert.
>>
>>
>>
>> Digicert with the Willard includes the *.domain.com and domain.com SANs
>> automatically, and you can specify about 15 other SANs for each CSR/cert.
>>
>>
>>
>> So cucm and the other apps are happy because the cert was generated using
>> its own CSR.
>>
>>
>>
>> Using these certs, I had one TAC case where cucm balked at the cert, but I
>> could upload the cluster wide tomcat SAN cert via im&p. This turned out to
>> be a problem with the domain casing not matching between all of the servers
>> and the cert. always use domain.com and not DOMain.com and life is happy.
>>
>>
>>
>> I am not affiliated with digicert other than they are here in Utah also.
>> It just makes life really easy to tell the customer to buy this one cert
>> and O I can make all of the Cisco UC/jabber cert errors go away!
>>
>>
>>
>> Ps. Has anyone figured out what to do with conductor wanting IP address in
>> the SAN?
>>
>> Sent from my iPhone
>>
>>
>> On Jul 15, 2015, at 10:42 AM, Anthony Holloway <
>> avholloway+cisco-voip at gmail.com> wrote:
>>
>> I'm a little confused here.  According to this article:
>> http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard,
>> and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/,
>> wild card certs are not supported.  Are we talking about the same thing
>> here?
>>
>>
>>
>> On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen <PedersenE at bennettjones.com>
>> wrote:
>>
>> Digicert lets you put your domain and subdomains of any level as SANs.
>> It?s great! They even generated a duplicate certificate for me with a
>> different root CA that was supported with WebEx enabled Telepresence. We
>> use their wildcard certificates on all of our UC servers.
>>
>>
>>
>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
>> Of *Heim, Dennis
>> *Sent:* 15 July 2015 8:28 AM
>> *To:* Ian Anderson; NateCCIE; Cisco VOIP
>>
>>
>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>>
>>
>>
>> I?ve found the hardest thing to find a cert providers that likes putting
>> the domain as a san such as DNS=mycollab.com. Has anyone found any
>> providers that are kosher with that? From one of the Cisco Live sessions, I
>> was told this is needed for service discovery to function properly.
>>
>>
>>
>> *Dennis Heim | Emerging Technology Architect (Collaboration)*
>>
>> World Wide Technology, Inc. | +1 314-212-1814
>>
>> [image: twitter] <https://twitter.com/CollabSensei>
>>
>> <image002.png><image003.png> <+13142121814><image004.png>
>>
>> ?There is a fine line between Wrong and Visionary. Unfortunately, you have
>> to be a visionary to see it." ? Sheldon Cooper
>>
>>
>>
>> Click here to join me in my Collaboration Meeting Room
>> <https://wwt.webex.com/meet/dennis.heim>
>>
>>
>>
>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net
>> <cisco-voip-bounces at puck.nether.net>] *On Behalf Of *Ian Anderson
>>
>>
>> *Sent:* Wednesday, July 15, 2015 10:18 AM
>> *To:* NateCCIE; Cisco VOIP
>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates
>>
>>
>>
>>
>>
>> On 15 July 2015 at 15:02, NateCCIE <nateccie at gmail.com> wrote:
>>
>> Did you put all of your SANs in the digicert page?
>>
>> z
>>
>> I have this working on all of my expressway installs.
>>
>> Hi Nate,
>>
>>
>>
>> Thanks for the quick response, just for preservation in the archives for
>> future posterity and confirmation that digicert seems fine despite the
>> warnings in the manuals, it seemed I was running into 2 separate issues.
>>
>>
>>
>> 1) I had uploaded the intermediate cert, but needed to manually download
>> and upload the root CA
>>
>> 2) That then got me past the TLS error, only to find that I had
>> fat-fingered the hostname in the SAN field :-(
>>
>>
>>
>> Cheers
>>
>>
>>
>> Ian
>>
>>
>>
>> The contents of this message may contain confidential and/or privileged
>> subject matter. If this message has been received in error, please contact
>> the sender and delete all copies. Like other forms of communication, e-mail
>> communications may be vulnerable to interception by unauthorized parties.
>> If you do not wish us to communicate with you by e-mail, please notify us
>> at your earliest convenience. In the absence of such notification, your
>> consent is assumed. Should you choose to allow us to communicate by e-mail,
>> we will not take any additional security measures (such as encryption)
>> unless specifically requested.
>>
>> If you no longer wish to receive commercial messages, you can unsubscribe
>> by accessing this link: http://www.bennettjones.com/unsubscribe
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/cc9af5a4/attachment-0001.html>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: image001.png
>Type: image/png
>Size: 3876 bytes
>Desc: not available
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/cc9af5a4/attachment-0001.png>
>
>------------------------------
>
>Message: 19
>Date: Tue, 21 Jul 2015 11:49:44 -0400 (EDT)
>From: Lelio Fulgenzi <lelio at uoguelph.ca>
>To: "cisco-voip at puck.nether.net" <cisco-voip at puck.nether.net>
>Subject: [cisco-voip] E20 - CDP and voice VLANs
>Message-ID:
>	<572237778.902994.1437493784695.JavaMail.zimbra at uoguelph.ca>
>Content-Type: text/plain; charset="utf-8"
>
>
>I've got an E20 that I'd like to get working with our Jabber deployment. 
>
>Does the thing support CDP and voice VLANs or is it working on a data VLAN? 
>
>--- 
>Lelio Fulgenzi, B.A. 
>Senior Analyst, Network Infrastructure 
>Computing and Communications Services (CCS) 
>University of Guelph 
>
>519?824?4120 Ext 56354 
>lelio at uoguelph.ca 
>www.uoguelph.ca/ccs 
>Room 037, Animal Science and Nutrition Building 
>Guelph, Ontario, N1G 2W1 
>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/5dd22cc0/attachment-0001.html>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>cisco-voip mailing list
>cisco-voip at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>------------------------------
>
>End of cisco-voip Digest, Vol 141, Issue 18
>*******************************************



More information about the cisco-voip mailing list