[cisco-voip] multi-SAN / server certificates vs individual certs (CUCM/IMP)

Lelio Fulgenzi lelio at uoguelph.ca
Thu Jun 28 11:17:06 EDT 2018


Wait. What? I understand how the internals of CUCM and IMP can distribute one multi-SAN cert (built on the publisher’s CSR) to each CUCM and IMP node and use private keys to ensure they load, but….

How the heck do you install a cert that was built on the pub’s CSR into CUC and UCCx? Or Expressway for that matter?

We are a DigiCert client, so if you have specific breadcrumbs / drop-down options, feel free to share.

Lelio



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook


From: Charles Goldsmith <wokka at justfamily.org>
Sent: Thursday, June 28, 2018 10:40 AM
To: Lelio Fulgenzi <lelio at uoguelph.ca>
Cc: voyp list, cisco-voip (cisco-voip at puck.nether.net) <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] multi-SAN / server certificates vs individual certs (CUCM/IMP)

I've used multi-SAN certs on at least a dozen installs and have had no issues at all. In fact, with a good SSL provider, you can use the same multi-SAN cert on CUCM, CUC, UCCX, Expressways. I like how DigiCert does it: just duplicate the cert and make sure all of the hostnames are listed in the SAN.


On Thu, Jun 28, 2018 at 9:37 AM Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

We're in the process of installing signed certs and we have the choice between a multi-SAN cert with the publisher CSR, relying on the internals to have that cert distributed to the subs and the IMP nodes, -OR- going with individual certs.

It's a last-minute thing, so I still need to do some research, but I'm wondering what people have been doing out there. We're less concerned with cost than we are with future stability. I know that this multi-SAN support is recent with v10.x - have they ironed out the bugs? We're going with 11.5.

Thoughts?


