[cisco-voip] Very Strange SSL Issue...

Ryan Ratliff (rratliff) rratliff at cisco.com
Wed May 27 09:49:30 EDT 2015


The requirement of the CN being in the SAN is a browser thing, not a server issue.  It’s also going to be a CA requirement going forward if you buy certs from external CAs.

-Ryan

On May 27, 2015, at 7:29 AM, Matthew Loraditch <MLoraditch at heliontechnologies.com> wrote:

That makes sense, but I know I’ve done this before w/o issue, albeit I may not have been at precisely the version this server was at in this scenario (single server 10.5.2SU1).

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518


From: Andrew Grech [mailto:agrech88 at gmail.com]
Sent: Wednesday, May 27, 2015 6:18 AM
To: Matthew Loraditch
Cc: Ryan Ratliff (rratliff); cisco-voip voyp list
Subject: Re: [cisco-voip] Very Strange SSL Issue...

When issuing certs with SANs, the CN needs to be included as a SAN. FYI

On Wed, May 27, 2015 at 6:57 AM, Matthew Loraditch <MLoraditch at heliontechnologies.com> wrote:
The only SAN was the root of the domain name.. but I removed that and now it works. Oddest thing I’ve seen in a while..

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518

From: Ryan Ratliff (rratliff) [mailto:rratliff at cisco.com]
Sent: Thursday, May 21, 2015 2:41 PM
To: Matthew Loraditch
Cc: cisco-voip voyp list
Subject: Re: [cisco-voip] Very Strange SSL Issue...

Check and see if the CN is also a SAN.  I’ve seen recent browsers that ignore CN if any SAN is present.

-Ryan

On May 20, 2015, at 1:31 PM, Matthew Loraditch <MLoraditch at heliontechnologies.com> wrote:

Has anyone ever seen where you put a cert on CUCM/CUCXN/IM&P and the Subject name matches but your browser insists it doesn’t? I can’t figure this out. I checked as best I could for spaces like mentioned in Lelio’s recent thread about a CSR and I have no indication of that.

I honestly don’t have a clue where to go, it’s not really a server issue as the server is just presenting the cert I installed, but I have it on both UCxn and CCM/IM&P. I can’t believe I put an errant space on both servers…

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
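
The matching behaviour discussed in this thread (a client that ignores the Subject CN as soon as any SAN is present), as an added example that is not part of the original messages. The hostnames are constructed placeholders, and the function names and the `cn_fallback` switch are hypothetical.

```python
# Added example: SAN-first hostname matching, as described in the thread.
# Hostnames used with these functions are constructed, not from the thread.

def _name_match(pattern, host):
    """Case-insensitive compare; '*' is accepted only as the whole
    leftmost label and only when at least two labels follow it."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def verify_hostname(host, cn, san_dns, cn_fallback=True):
    """Return (ok, reason) the way a SAN-first client decides.

    If the certificate carries any dNSName SAN, only the SAN list is
    consulted and the Subject CN is ignored. The CN is used only when
    there is no SAN at all and cn_fallback is True (assumption: this
    models an older client; set it to False for a client that never
    falls back to the CN).
    """
    if san_dns:
        if any(_name_match(s, host) for s in san_dns):
            return True, "matched SAN"
        return False, "SAN present, CN ignored"
    if cn_fallback and cn and _name_match(cn, host):
        return True, "matched CN (no SAN present)"
    return False, "no SAN and no usable CN"


def missing_sans(cn, san_dns):
    """Pre-issuance check on a CSR: return the names that still have to
    be added so that the CN is also listed as a SAN."""
    have = {s.lower().rstrip(".") for s in san_dns}
    return [] if cn.lower().rstrip(".") in have else [cn]
```

With a CN of `cucm-pub.example.com` and a single SAN of `example.com`, `verify_hostname` reports a mismatch; with the SAN list emptied, or with the CN added to it, the same host name verifies.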

