[cisco-voip] Expressway cluster certificates.

ROZA, Ariel Ariel.ROZA at LA.LOGICALIS.COM
Mon Oct 14 17:40:16 EDT 2019


Hi Ryan,

Both Expressway servers are signed by the internal CA. I have uploaded the root and intermediate certificates, too.
But I am renewing the certificates on an existing cluster, and whoever installed it manually added the ExpC certs into tomcat-trust.

So, I understand that it would be safe to remove the ExpC certs from tomcat-trust and everything would be working fine?
What about the "use the cluster name"/"don't use the cluster name" contradiction?

Thanks,

Ariel.

From: Ryan Huff <ryanhuff at outlook.com>
Sent: Monday, October 14, 2019 18:14
To: ROZA, Ariel <Ariel.ROZA at LA.LOGICALIS.COM>
CC: cisco-voip (cisco-voip at puck.nether.net) <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Expressway cluster certificates.

Are the Expressway-C servers using self-signed certificates (I doubt it because you said they are multi-SAN)?

Generally, CUCM doesn't need to trust the identity certificate (unless it is self-signed). In all other cases, CUCM needs to trust the certificate authority that signed the Expressway-C certificates.

If, for example, GoDaddy signed the SSL certificates for the Expressway-C, CUCM just needs to trust the GoDaddy certificate authority chain.
Sent from my iPhone
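
The trust rule discussed in this thread can be checked offline with OpenSSL. This is an added example, not part of the original messages: it builds a constructed lab CA and shows that a store holding only the CA accepts both the original and the renewed identity certificate, while a self-signed certificate is accepted only when it is itself in the store. A PEM file stands in for tomcat-trust, and all names and hostnames are assumptions.

```shell
#!/bin/sh
# Constructed lab PKI; every name and hostname here is made up.
set -eu
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

# Internal CA: the only certificate placed in the stand-in trust store.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/CN=Constructed Internal CA" \
  -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null

# issue NAME SERIAL: fresh key pair plus a CA-signed identity certificate.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=expc.example.test" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  openssl x509 -req -in "$W/$1.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
    -set_serial "$2" -days 30 -out "$W/$1.pem" 2>/dev/null
}
issue original 1   # certificate in service today
issue renewed 2    # its replacement: new key, same issuing CA

# Self-signed identity certificate for comparison.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/CN=expc-selfsigned.example.test" \
  -keyout "$W/self.key" -out "$W/self.pem" 2>/dev/null

# trusted STORE CERT: prints yes if CERT chains to an anchor in STORE.
trusted() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo yes
  else
    echo no
  fi
}

echo "CA-only store, original cert:    $(trusted "$W/ca.pem" "$W/original.pem")"
echo "CA-only store, renewed cert:     $(trusted "$W/ca.pem" "$W/renewed.pem")"
echo "CA-only store, self-signed cert: $(trusted "$W/ca.pem" "$W/self.pem")"
echo "Store holding the self-signed cert itself: $(trusted "$W/self.pem" "$W/self.pem")"
```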

