[cisco-voip] Expressway certificate advice required.

[Kevin Przybylowski]

I was informed by TAC a few weeks ago that godaddy is not supported for multi san certs on Cisco UC.  This is due to godaddy inserting a SAN www.CN<http://www.CN> that is not in the Cisco CSR and causes a SAN mismatch error.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Rajkumar Yadav
Sent: Friday, March 20, 2015 4:58 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Expressway certificate advice required.

Hi,

Need few clarification for the Expressway MRA and certificate.

we have bought Multi san certificate from Go Daddy for UC applications.

Step 1:

If the certificate management part is done on the CUCM publisher for Tomcat with Multi San capabilities it would include the FQDN of all CUCM ( Pub & Sub), CUC, Im & Presence and domain.com.
Also i have to repeat the step for the Im & Presence server with Cup XMPP.

Step2:

Now if I'm doing the expressway (MRA) certificate management for traversal zone with Multi San capabilities, then will it include all the above FQDN and is it i don't have to perform step 1.

If i don't perform step 1, will it Jabber clients will not throw error for certificate acceptance (both inside and outside).

Please confirm is it both need to be done or just step 2 is enough ?


Regards,
Raaj.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150320/8130061f/attachment.html>