[cisco-voip] Finesse cert error

Scott Voll svoll.voip at gmail.com
Fri Apr 28 10:12:39 EDT 2017 

So is it only the Tomcat Cert I need to reissue?  if I reissue, does it
affect any other systems, (such as CM)?

Just need to schedule maintenance.

TIA

Scott


On Fri, Apr 28, 2017 at 4:25 AM, Abhiram Kramadhati (akramadh) <
akramadh at cisco.com> wrote:

> Hi guys,
>
>
>
> The certificate should contain subjectAltName(SAN), and you should not
> have any issues. If you were using CN, ensure it is now in the SAN. The
> same is documented here: https://productforums.google.
> com/forum/#!msg/chrome/5f1Kp_ntUwU/CfER8_JKDwAJ
>
>
>
> The team looked at this today and for CA signed certificates with the
> above config, there are no issues on the latest Chrome/FF. If you are still
> facing issues, can you send me the screenshot and details?
>
>
>
> Regards,
>
> Abhiram Kramadhati
>
> Technical Solutions Manager, CCBU
>
> CCIE Collaboration # 40065
>
>
>
>
>
> *From: *cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of
> Nathan Reeves <nathan.a.reeves at gmail.com>
> *Date: *Friday, 28 April 2017 at 4:04 AM
> *To: *Scott Voll <svoll.voip at gmail.com>
> *Cc: *"cisco-voip at puck.nether.net" <cisco-voip at puck.nether.net>
> *Subject: *Re: [cisco-voip] Finesse cert error
>
>
>
> Chrome stopped supporting Common Name matching in the latest release 58
> which dropped in the last week or so.  This would cause the error you
> referenced below.  Looks like it now only supports names in the
> subjectAlternativeName field of the cert.
>
>
>
> Hope this assists
>
>
>
> Nathan
>
> On Thursday, April 27, 2017, Scott Voll <svoll.voip at gmail.com> wrote:
>
> OK, as of yesterday I started having reports of users in Chrome and
> Firefox getting an error connecting to the Finesse webpage.
>
>
>
> Looking at the cert It's sha2 but I get Not secure in FF and not private
> in Chrome.
>
>
>
> Chome complains of NET::ERR_CERT_COMMON_NAME_INVALID
>
>
>
> cert is internal CA and the sigature algorithim is Sha512RSA hash is SHa512
>
>
>
> The only thing that looks a little questionable is in the subject, I also
> have the serial number and the hostname is CAPs not lower case
>
>
>
> UCCx 11.5.1.10000-61
>
>
>
>
> Any thoughts?
>
>
>
> TIA
>
>
>
> Scott
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170428/941cc3cc/attachment.html>

More information about the cisco-voip mailing list