[cisco-voip] [External] Re: expressway E GoDaddy certificate
Matthew Huff
mhuff at ox.com
Wed Aug 3 09:23:42 EDT 2022
TAC is the one that showed me. The big clue is that in expressway it has the ability to upload a private key. Why have that feature if you can't extract it?
-----Original Message-----
From: Lelio Fulgenzi <lelio at uoguelph.ca>
Sent: Wednesday, August 3, 2022 9:11 AM
To: Matthew Huff <mhuff at ox.com>; Hunter Fuller <hf0002 at uah.edu>
Cc: Cisco VOIP <cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] [External] Re: expressway E GoDaddy certificate
Curious if you passed this method by Cisco/Expressway support.
I find the Expressway support team very critical of any changes to supported methods. It's the only team that doesn't support ESXi maintenance releases unless it's explicitly stated in the document.
-----Original Message-----
From: Matthew Huff <mhuff at ox.com>
Sent: Wednesday, August 3, 2022 7:47 AM
To: Hunter Fuller <hf0002 at uah.edu>; Lelio Fulgenzi <lelio at uoguelph.ca>
Cc: Cisco VOIP <cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] [External] Re: expressway E GoDaddy certificate
Same.
We have a multi-SAN certificate for our Expressway-E cluster from Entrust. You have to create the CSR on the first node in the cluster, install the certificate and then copy the private key via SCP. You then load the private key and certificate into the 2nd server.
To get the private key, log in to the server that has the installed certificate via SCP as root.
The file is privkey.pem in /tandberg/persistent/certs/
-----Original Message-----
From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Hunter Fuller
Sent: Tuesday, August 2, 2022 1:37 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca>
Cc: Cisco VOIP <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] [External] Re: expressway E GoDaddy certificate
Since I just love being contrarian, we are running the same cert on both Expressway-E. It is not GoDaddy though. But feel free to take a look at how this works. Our expe are vbhexpe.voip.uah.edu and libexpe.voip.uah.edu and I've also attached the cert to this email.
--
Hunter Fuller (they)
Router Jockey
VBH M-1C
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Network Engineering
On Tue, Aug 2, 2022 at 9:06 AM Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>
> We’ve always been wary of wildcard and multi-SAN certs that preclude a certificate for each server. In our case, we have got a multi-SAN cert for each expressway E (and C for that matter) which includes the server as the primary host, and the peer, cluster name and domain as a SAN.
>
> I’m lucky that our cert team has got a contract with good inventory, so, a couple of extra multi-SAN certs isn’t a big deal for us.
>
> At some point, we may consider moving the Expressways to Let’s Encrypt. It’s the only Cisco collab platform that supports it for now.
>
> From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Shaihan Jaffrey
> Sent: Tuesday, August 2, 2022 4:21 AM
> To: Cisco VOIP <cisco-voip at puck.nether.net>
> Subject: [cisco-voip] expressway E GoDaddy certificate
>
> What is the process to renew Public certificate on Expressway E through GoDaddy?
>
> Is one certificate sufficient for primary and secondary exp-e?
>
> Do we have to get certificates based on FQDN?
>
> Regards
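Added example (not part of the thread, and not a Cisco procedure): a check to run before loading one multi-SAN certificate and its copied private key on a second cluster peer, as described in the thread. It confirms that the key belongs to the certificate and that the SANs cover each peer; the hostnames, server.pem and other.pem are constructed for the demo, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: checks to run before loading a shared key/cert on another peer.
# Hostnames and server.pem/other.pem are constructed; needs OpenSSL 1.1.1+.

# Succeeds only if KEY holds the private half of the public key in CERT.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if every HOST is matched by the certificate's names.
san_covers() {  # usage: san_covers CERT HOST [HOST...]
    cert=$1; shift
    for host in "$@"; do
        openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
            | grep -q "does match certificate" || return 1
    done
}

# Builds a throwaway self-signed multi-SAN cert, its key, and an unrelated key.
make_sample() {  # usage: make_sample DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/privkey.pem" -out "$1/server.pem" \
        -subj "/CN=expe1.example.test" \
        -addext "subjectAltName=DNS:expe1.example.test,DNS:expe2.example.test" \
        2>/dev/null
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null
}

demo=$(mktemp -d)
make_sample "$demo"
for key in privkey.pem other.pem; do
    if key_matches_cert "$demo/server.pem" "$demo/$key"; then
        echo "$key: matches certificate"
    else
        echo "$key: does NOT match certificate, do not upload"
    fi
done
for peer in expe2.example.test expe3.example.test; do
    if san_covers "$demo/server.pem" "$peer"; then
        echo "$peer: covered by SAN"
    else
        echo "$peer: not in SAN, name mismatch for this peer"
    fi
done
rm -rf "$demo"
```

On real files, pass the CA-issued certificate, the privkey.pem copied from the first node, and each peer's FQDN.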