[cisco-voip] [External] Re: certificate renewals - 1 year only - due to Apple changes

Hunter Fuller hf0002 at uah.edu
Wed Mar 4 13:55:50 EST 2020


Is it possible to install a cert via API? If that works, we can do this
from an admin machine, whether or not the Cisco service (for instance CUCM)
supports it.

--
Hunter Fuller
Router Jockey
VBH Annex B-5
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Network Engineering


On Wed, Mar 4, 2020 at 12:46 PM Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

> Unfortunately, I can’t justify a telephone system upgrade for the sake of
> auto-renewal of certificates. ☹
>
>
>
> CUCM v11.5 has yet to be announced EOL. (Please Please Please don’t happen
> tomorrow).
>
>
>
> This means we’ve got at least 5 more years to plan accordingly.
>
>
>
> Will they issue an SU to support Let’s Encrypt? Let’s hope so!
>
>
>
>
>
> *From:* Norton, Mike <mikenorton at pwsd76.ab.ca>
> *Sent:* Wednesday, March 4, 2020 1:38 PM
> *To:* Lelio Fulgenzi <lelio at uoguelph.ca>; voyp list, cisco-voip (
> cisco-voip at puck.nether.net) <cisco-voip at puck.nether.net>
> *Subject:* RE: certificate renewals - 1 year only - due to Apple changes
>
>
>
> If two years from now, a product that needs public certificates still
> doesn’t support automated renewals, then it’s a terrible product you should
> have migrated away from two years earlier. The writing has been on the wall
> for a long time. But even for developers who’ve had their heads in sand,
> two years is still plenty of time for them to get a clue. ;-)
>
> -mn
>
>
>
> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> *On Behalf Of *Lelio
> Fulgenzi
> *Sent:* March 4, 2020 10:52 AM
> *To:* voyp list, cisco-voip (cisco-voip at puck.nether.net) <
> cisco-voip at puck.nether.net>
> *Subject:* [cisco-voip] certificate renewals - 1 year only - due to Apple
> changes
>
>
>
>
>
> So, we’ve gotten word that Apple is thinking of “accepting/trusting” only
> certs that are 13 months old or less.
>
>
>
> https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
>
>
>
> This is a bit of a drag on Jabber deployments due to so many certs being
> needed.
>
>
>
> From what I’ve seen, only Expressway supports auto-renew like Let’s
> Encrypt.
>
>
>
> From the article, it seems:
>
>
>
> "Certificates issued prior to September 1 will have the same acceptable
> duration as certificates do today, which is 825 days. No action is required
> for these certificates."
>
>
>
> I’m guessing if it says Safari, it’s any cert used by an Apple device,
> since the Safari engine is used throughout, right?
>
>
>
> We’re planning on renewing soon, so we should be good to go with 2 years.
>
>
>
> But the future?
>
>
>
> What are others planning on doing?
>
>
>
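The lifetime rule quoted in the thread can be checked against a certificate inventory before renewal time. The script below is an added example, not part of the original messages: it reads `openssl x509 -noout -subject -dates` output and flags certificates whose validity period exceeds the applicable limit. The 398-day figure and the year 2020 for the September 1 cutover come from Apple's published policy rather than the thread (which says "13 months"), and the hostnames and dates are constructed sample data.

```python
import ssl
from datetime import datetime, timezone

# Limit for certificates issued on or after the cutover (398 days is Apple's
# published figure, an assumption here; the thread only says "13 months").
NEW_MAX_DAYS = 398
OLD_MAX_DAYS = 825  # figure quoted in the thread for earlier certificates
CUTOVER = datetime(2020, 9, 1, tzinfo=timezone.utc)

# Constructed sample: `openssl x509 -noout -subject -dates` output for four
# hypothetical hosts (names and dates are made up for illustration).
SAMPLE = """\
subject=CN = cucm-pub.example.edu
notBefore=Mar 10 00:00:00 2020 GMT
notAfter=Mar 10 00:00:00 2022 GMT
subject=CN = imp1.example.edu
notBefore=Sep 15 00:00:00 2020 GMT
notAfter=Sep 15 00:00:00 2022 GMT
subject=CN = expressway-e.example.edu
notBefore=Oct  1 00:00:00 2020 GMT
notAfter=Dec 30 00:00:00 2020 GMT
subject=CN = unity.example.edu
notBefore=Jan  1 00:00:00 2018 GMT
notAfter=Jan  1 00:00:00 2021 GMT
"""

def _utc(openssl_time):
    # ssl.cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(openssl_time), timezone.utc)

def audit(text):
    """Return {subject: (validity_days, limit_days, within_limit)}."""
    results, subject, not_before = {}, None, None
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key == "subject":
            subject = value.strip()
        elif key == "notBefore":
            not_before = _utc(value)
        elif key == "notAfter" and subject and not_before:
            days = (_utc(value) - not_before).days
            # The limit depends on the issue date, not on today's date.
            limit = NEW_MAX_DAYS if not_before >= CUTOVER else OLD_MAX_DAYS
            results[subject] = (days, limit, days <= limit)
            subject = not_before = None
    return results

if __name__ == "__main__":
    for name, (days, limit, ok) in audit(SAMPLE).items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {days} days (limit {limit})")
```
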