[cisco-voip] can CUCM config w/ FQDN be avoided any more?

Dave Goodwin dave.goodwin at december.net
Tue Sep 19 12:04:17 EDT 2017


You can still have an FQDN in the certificate (which is I believe what the
commercial CA will look for), while in System > Server be defined with IP
addresses. As far as I know, the two are not related. What I'm not really
sure of, and I've never taken the time to fully quantify, is whether there
is a way to populate FQDNs in the certs (e.g. by configuring DNS at install
time) but then after that completely remove all DNS configuration and
dependence upon it. Both for endpoint>server and all server>server
functions.

On Tue, Sep 19, 2017 at 11:33 AM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

>
> So, we, like many others, went with IP addresses as hostname in our CUCM
> cluster. Best practice, avoid DNS issues, etc.
>
> But now, certificate authorities will not grant certificates to private IP
> addresses and we need (would like) publicly signed certificates to avoid
> those pesky errors.
>
> I really can't see a way to avoid not using FQDN in CUCM configs any
> longer.
>
> From what I recall, the reliance on DNS was on system/service (re)start-up
> and after that, no real reliance. Not sure if the local tables age out or
> not.
>
> What are people's thoughts and experiences?
>
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst, Network Infrastructure
> Computing and Communications Services (CCS)
> University of Guelph
>
> 519-824-4120 Ext 56354
> lelio at uoguelph.ca
> www.uoguelph.ca/ccs
> Room 037, Animal Science and Nutrition Building
> Guelph, Ontario, N1G 2W1
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170919/3505e48c/attachment.html>


More information about the cisco-voip mailing list