[cisco-voip] certificate renewals - 1 year only - due to Apple changes
Lelio Fulgenzi
lelio at uoguelph.ca
Wed Mar 4 13:45:34 EST 2020
Unfortunately, I can’t justify a telephone system upgrade for the sake of auto-renewal of certificates. ☹
CUCM v11.5 has yet to be announced EOL. (Please Please Please don’t happen tomorrow).
This means we’ve got at least 5 more years to plan accordingly.
Will they issue an SU to support let’s encrypt? Let’s hope so!
From: Norton, Mike <mikenorton at pwsd76.ab.ca>
Sent: Wednesday, March 4, 2020 1:38 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca>; voyp list, cisco-voip (cisco-voip at puck.nether.net) <cisco-voip at puck.nether.net>
Subject: RE: certificate renewals - 1 year only - due to Apple changes
If two years from now, a product that needs public certificates still doesn’t support automated renewals, then it’s a terrible product you should have migrated away from two years earlier. The writing has been on the wall for a long time. But even for developers who’ve had their heads in sand, two years is still plenty of time for them to get a clue. ;-)
-mn
From: cisco-voip <cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>> On Behalf Of Lelio Fulgenzi
Sent: March 4, 2020 10:52 AM
To: voyp list, cisco-voip (cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>) <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: [cisco-voip] certificate renewals - 1 year only - due to Apple changes
So, we’ve gotten word that Apple is thinking of “accepting/trusting” only certs that are 13 months old or less.
https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
This is a bit of a drag on Jabber deployments due to so many certs being needed.
From what I’ve seen, only Expressway supports auto-renew like let’s encrypt.
From the article, it seems:
"Certificates issued prior to September 1 will have the same acceptable duration as certificates do today, which is 825 days. No action is required for these certificates."
I’m guessing it if says Safari, it’s any cert used by an apple device, since the safari engine is used throughout, right?
We’re planning on renewing soon, so we should be good to go with 2 years.
But the future?
What are others planning on doing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20200304/0deabaa9/attachment.htm>
More information about the cisco-voip
mailing list