[cisco-voip] Expressway certificate advice required.

Matthew Loraditch MLoraditch at heliontechnologies.com
Fri Mar 20 09:49:37 EDT 2015 

Yep, not that this proves its working, but I can assure you it is, you can see my cert in any browser and see the SANs: https://edge.heliontechnologies.com:8443/


Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518

Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: Kevin Przybylowski [mailto:kevinp at advancedtsg.com]
Sent: Friday, March 20, 2015 9:44 AM
To: Matthew Loraditch; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Expressway certificate advice required.

CUCM/Unity Multi-Server cert?  Have you tried it recently with the ‘www.commonname” inserted as a SAN?

From: Matthew Loraditch [mailto:MLoraditch at heliontechnologies.com]
Sent: Friday, March 20, 2015 9:24 AM
To: Kevin Przybylowski; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] Expressway certificate advice required.

For what it’s worth, I use godaddy certs on our internal deployment and the one customer I have done so far and they work fine without any issues.

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518
Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Kevin Przybylowski
Sent: Friday, March 20, 2015 9:15 AM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Expressway certificate advice required.

I was informed by TAC a few weeks ago that godaddy is not supported for multi san certs on Cisco UC.  This is due to godaddy inserting a SAN www.CN<http://www.CN> that is not in the Cisco CSR and causes a SAN mismatch error.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Rajkumar Yadav
Sent: Friday, March 20, 2015 4:58 AM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: [cisco-voip] Expressway certificate advice required.

Hi,

Need few clarification for the Expressway MRA and certificate.

we have bought Multi san certificate from Go Daddy for UC applications.

Step 1:

If the certificate management part is done on the CUCM publisher for Tomcat with Multi San capabilities it would include the FQDN of all CUCM ( Pub & Sub), CUC, Im & Presence and domain.com.
Also i have to repeat the step for the Im & Presence server with Cup XMPP.

Step2:

Now if I'm doing the expressway (MRA) certificate management for traversal zone with Multi San capabilities, then will it include all the above FQDN and is it i don't have to perform step 1.

If i don't perform step 1, will it Jabber clients will not throw error for certificate acceptance (both inside and outside).

Please confirm is it both need to be done or just step 2 is enough ?


Regards,
Raaj.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150320/135aa940/attachment.html>

More information about the cisco-voip mailing list