[cisco-voip] re-genarate certifications
Ryan Ratliff (rratliff)
rratliff at cisco.com
Fri Jun 23 13:00:45 EDT 2017
The signing of the CTL and ITL is easy to fix.
The bigger problem is the automatic phone reset.
-Ryan
On Jun 23, 2017, at 12:58 PM, Ryan Huff <ryanhuff at outlook.com> wrote:
I suspect that would just obliterate CTL every time certbot runs the renewal ... every 3 months all phones reject registration... fun stuff.
I suspect there would have to be a fundamental change with TVS and the SBD architecture.
-Ryan
On Jun 23, 2017, at 12:44 PM, Ryan Ratliff (rratliff) <rratliff at cisco.com> wrote:
Letsencrypt has 90-day certificates and they auto-renew at 60 days (IIRC).
If you think that’s ok for a CUCM you really need to come listen to me on Monday morning.
-Ryan
On Jun 23, 2017, at 12:15 PM, Charles Goldsmith <wokka at justfamily.org> wrote:
Nothing has been announced about it that I'm aware of, but it would be awesome if they did. It only makes sense since Cisco is a major sponsor of Let's Encrypt.
CUCM, CUC, UCCX, IM&P and Expressway should be the priority in my mind :) After that, CIMC (updated for all m3 and higher hosts of course), and after that, you can throw a bone to the security, wireless and R&S groups...
On Fri, Jun 23, 2017 at 10:11 AM, Heim, Dennis <Dennis.Heim at wwt.com> wrote:
Is 12.x going to support ACME?
Dennis Heim | Emerging Technology Architect (Collaboration)
World Wide Technology, Inc. | +1 314-212-1814
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Anthony Holloway
Sent: Thursday, June 22, 2017 1:00 PM
To: Ryan Ratliff (rratliff) <rratliff at cisco.com>
Cc: cisco-voip voyp list <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] re-genarate certifications
Like how 12.0 seamlessly integrates with https://letsencrypt.org/?
On Thu, Jun 22, 2017 at 11:31 AM Ryan Ratliff (rratliff) <rratliff at cisco.com> wrote:
Since I have the bright and way-too-early Monday 8AM slot this year I need all the advertisement I can get :)
The deck got a big overhaul for Berlin this year and next week won’t be much different than the recording I linked to earlier, though I do get to talk about some cool stuff coming in 12.0.
-Ryan
On Jun 22, 2017, at 12:21 PM, Anthony Holloway <avholloway+cisco-voip at gmail.com> wrote:
Geez Philip! Way to be pushy about your session! ;)
I was in this session (sitting behind Josh Warcop of all people) and it was really informative. It was at the time when multi-server Tomcat certificates were just coming out and the session really helped prepare me for that new feature.
On Thu, Jun 22, 2017 at 8:34 AM Ryan Ratliff (rratliff) <rratliff at cisco.com> wrote:
I would highly recommend checking out https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=93902&backBtn=true.
(BRKUCC-2501 from ciscolive365.com if that link does not work).
Yes, it’s my session but with CLUS next week hopefully nobody minds the plug.
-Ryan
On Jun 21, 2017, at 8:02 PM, erik.anderson.85 at gmail.com wrote:
Take a look at the link below; it walks through what each cert does, so it should help you understand the impacts. From my experience working with non-secured clusters, you need to do one cert at a time to allow CUCM to push out that cert to the phones. Since the phones essentially use 2 certs to trust CUCM, you can regen them in stages.
http://www.cisco.com/image/gif/paws/117299/117299-problemsolution-product-00.pdf
-Erik Anderson
From: Samadi boukil <boukilsamadi at gmail.com>
Sent: Wednesday, June 21, 2017 6:32 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] re-genarate certifications
Hi,
I want to know about the impact(s) of re-generation of certifications on CUCM 8.x (Call Manager in secure mode).
Thanks.
--
SAMADI Boukil
Engineering Student
Telecommunications & Network Engineering
LinkedIn profile: https://www.linkedin.com/in/boukil-samadi
+212696184254
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip