[cisco-voip] collab edge dns/SSL cert

[Matthew Loraditch]

https://www.sslshopper.com/csr-decoder.html

Try dumping the csr in there and see if you see something unexpected.

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518

Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ed Leatherman
Sent: Monday, June 1, 2015 9:41 AM
To: Cisco VOIP
Subject: [cisco-voip] collab edge dns/SSL cert

Hello everyone!

I'm getting an error kicked back from GoDaddy trying to sign my expressway-e cert, looking for a sanity check here.

I'm setting up the external side as a cluster (of 1 currently), I'd like for my users to be able to sign in as username at domain.edu<mailto:username at domain.edu> for MRA.

dns:
expressway-e is expe-cluster1-node1.domain.edu<http://expe-cluster1-node1.domain.edu>
srv = _collab-edge._tls.domain.edu<http://tls.domain.edu> , sips._tcp.domain.edu<http://tcp.domain.edu> both point to the expe-cluster1-node1

exp-e cluster name is domain.edu<http://domain.edu>

on my CSR i have it set to generate a SAN for FQDN of expressway cluster plus FQDN of this peer, so:
DNS:expe-cluster1-node1.domain.edu<http://expe-cluster1-node1.domain.edu>
DNS:domain.edu<http://domain.edu>

GoDaddy kicks back an error saying "You can not add a SAN that is the same as the domain you are already using."

Is my dns/SAN configuration incorrect or is this a deficiency with godaddy (standard UCC cert)? Or did I miss the boat completely (totally possible!)





--
Ed Leatherman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150601/50fbe94e/attachment.html>