[cisco-voip] [External] Re: expressway E GoDaddy certificate

Lelio Fulgenzi lelio at uoguelph.ca
Wed Aug 3 09:44:32 EDT 2022


That's great then. 

I remember at one point, calling for support, one Expressway TAC person told me that dual nic isn't supported on E. I was all, "hold your horses..."

Only after some discussion was it revealed to them that it wasn't only supported but recommended. Lol


-----Original Message-----
From: Matthew Huff <mhuff at ox.com> 
Sent: Wednesday, August 3, 2022 9:24 AM
To: Lelio Fulgenzi <lelio at uoguelph.ca>; Hunter Fuller <hf0002 at uah.edu>
Cc: Cisco VOIP <cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] [External] Re: expressway E GoDaddy certificate

CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp at uoguelph.ca


TAC is the one that showed me. The big clue is that in expressway it has the ability to upload a private key. Why have that feature if you can't extract it?

-----Original Message-----
From: Lelio Fulgenzi <lelio at uoguelph.ca>
Sent: Wednesday, August 3, 2022 9:11 AM
To: Matthew Huff <mhuff at ox.com>; Hunter Fuller <hf0002 at uah.edu>
Cc: Cisco VOIP <cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] [External] Re: expressway E GoDaddy certificate

Curious if you passed this method by Cisco/Expressway support. 

I find the Expressway support team very critical of any changes to supported methods. It's the only team that doesn't support ESXi maintenance releases unless it's explicitly stated in the document. 

-----Original Message-----
From: Matthew Huff <mhuff at ox.com>
Sent: Wednesday, August 3, 2022 7:47 AM
To: Hunter Fuller <hf0002 at uah.edu>; Lelio Fulgenzi <lelio at uoguelph.ca>
Cc: Cisco VOIP <cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] [External] Re: expressway E GoDaddy certificate


Same.

We have a multi-san certificate for our expressway-e cluster from Entrust. You have to create the CSR on the first node in the cluster, install the certificate and then copy the private key via SCP. You then load the private key and certificate into the 2nd server.

To get the private key, log in to the server that has the installed certificate via SCP as root.

The file is privkey.pem in /tandberg/persistent/certs/



-----Original Message-----
From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Hunter Fuller
Sent: Tuesday, August 2, 2022 1:37 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca>
Cc: Cisco VOIP <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] [External] Re: expressway E GoDaddy certificate

Since I just love being contrarian, we are running the same cert on both Expressway-E. It is not GoDaddy though. But feel free to take a look at how this works. Our expe are vbhexpe.voip.uah.edu and libexpe.voip.uah.edu and I've also attached the cert to this email.

--
Hunter Fuller (they)
Router Jockey
VBH M-1C
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Network Engineering

On Tue, Aug 2, 2022 at 9:06 AM Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>
> We’ve always been wary of wildcard and multi-SAN certs that preclude a certificate for each server. In our case, we have got a multi-san cert for each expressway E (and C for that matter) which includes the server as the primary host, and the peer, cluster name and domain as a SAN.
>
>
>
> I’m lucky that our cert team has got a contract with good inventory, so, a couple of extra multi-SAN certs isn’t a big deal for us.
>
>
>
> At some point, we may consider moving the Expressways to Let’s Encrypt. It’s the only Cisco collab platform that supports it for now.
>
>
>
>
>
> From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Shaihan Jaffrey
> Sent: Tuesday, August 2, 2022 4:21 AM
> To: Cisco VOIP <cisco-voip at puck.nether.net>
> Subject: [cisco-voip] expressway E GoDaddy certificate
>
>
>
>
> what is the process to renew Public certificate on Expressway E through GoDaddy.
>
> Is one certificate sufficient for primary and secondary exp-e?
>
>
>
> do we have to get certificates based on FQDN?
>
>
>
> Regards
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
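
The thread above describes reusing one multi-SAN certificate and its private key on both Expressway-E peers. The following is an added example, not part of any message in the thread and not Cisco tooling: a pre-flight check, run with the openssl CLI on an admin workstation, that the copied key matches the certificate, that every peer FQDN is present as a SAN, and that the key file is not accessible to group or other. The function names and the script name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks to run before loading a copied key/cert pair on a second peer.
# Usage: sh check_pair.sh CERT.pem KEY.pem FQDN [FQDN...]

key_matches_cert() {
    # Compare the public key embedded in the certificate with the one
    # derived from the private key; fail if either file cannot be parsed.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

san_covers() {
    # Every FQDN given after the certificate must appear as an exact DNS SAN
    # (wildcard entries are deliberately not expanded).
    san_cert=$1; shift
    sans=$(openssl x509 -in "$san_cert" -noout -text 2>/dev/null |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr -d ' ' | tr ',' '\n')
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qixF "DNS:$name" ||
            { echo "missing SAN: $name" >&2; return 1; }
    done
}

key_is_private() {
    # The copied key must not be readable, writable or executable by group/other.
    [ -f "$1" ] || return 1
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

check_pair() {
    pair_cert=$1; pair_key=$2; shift 2
    key_matches_cert "$pair_cert" "$pair_key" ||
        { echo "private key does not match certificate" >&2; return 1; }
    san_covers "$pair_cert" "$@" || return 1
    key_is_private "$pair_key" ||
        { echo "key file is accessible to group/other" >&2; return 1; }
}

if [ "$#" -ge 3 ]; then check_pair "$@"; fi
```

A non-zero exit status means the pair should not be uploaded as-is; the reason is printed on stderr.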

