[cisco-voip] [EXTERNAL] Re: Cost-Effective Public Certificate Authority for CUCM certificates
Brian Meade
bmeade90 at vt.edu
Mon Feb 21 16:09:12 EST 2022
We've been flipping a lot of customers over to NameCheap now. $50/year for
multi-SAN DV certificates is pretty hard to beat. For
CUCM/Unity/IM&P/UCCX/Expressway, ends up more like $250-$300/year.
They seem to issue certs pretty immediately since it's just Domain
Verification using email.
On Fri, Feb 18, 2022 at 1:17 PM Nick Russo via cisco-voip <
cisco-voip at puck.nether.net> wrote:
> Unfortunately, Cisco doesn't allow for * certs with the UC platform. If
> this is for Jabber MRA, they recently added support for ACME certificates,
> but I haven't used that. The cheapest CA signed certs I've been able to
> find is ssls.com and the full set of certs for a typical cluster is going
> to set you back about $900 a year. They have a couple of Collaboration
> packages that you can use for the multiple domains. Also, they work well
> enough, but the support for ssls.com is pretty weak, so plan on at least
> a week to get your certs ordered, approved, and installed.
>
> On Friday, February 18, 2022, 09:39:50 AM PST, Lelio Fulgenzi <
> lelio at uoguelph.ca> wrote:
>
>
> We use Entrust. But I think we had some sort of "Contract" that allowed
> for a specific number of certs to be issued, all on the credit system.
> Regardless of SANs.
>
> But, you're right. Cisco collab is an expensive solution to provide certs
> for.
>
> I'm really hoping that https://www.incommon.org/certificates/subscribe/ opens
> up to EDUs outside of the U.S. some time (soon).
>
> -----Original Message-----
> From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of James
> Andrewartha
> Sent: Friday, February 18, 2022 4:28 AM
> To: cisco-voip at puck.nether.net
> Subject: Re: [cisco-voip] [EXTERNAL] Re: Cost-Effective Public Certificate
> Authority for CUCM certificates
>
> CAUTION: This email originated from outside of the University of Guelph.
> Do not click links or open attachments unless you recognize the sender and
> know the content is safe. If in doubt, forward suspicious emails to
> IThelp at uoguelph.ca
>
>
> Digicert have killed the fact you could issue a cert for
> host.sub.example.com on your *.example.com wildcard, instead they want to
> charge you extra for those hosts so now I'm shopping around. The good news
> is there's now other places that will do wildcards with unlimited reissues
> (which most call "unlimited server licenses").
>
> I tried Comodo/Sectigo Positive Multi Domain Wildcard SSL which can even
> have multiple wildcards on the one certificate, but it only accepts CSRs
> for *.example.com, which UCM/UC/IM&P won't generate. But perhaps that's a
> limitation of the reseller I used. They also have the Comodo/Sectigo Multi
> Domain SSL Certificate (FLEX) which lets you have host SANs, but will
> charge you for each one.
>
> Anyone had success with any other CAs recently?
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>
> On 31/3/20 04:49, Brian Meade wrote:
> > In this case, we're doing public certificates internally as well for
> > CUCM Tomcat, Unity Connection Tomcat, UCCX Tomcat, and IM&P CUP-XMPP.
> >
> > Adding the multiple presence domains is pretty easy on the IM&P side
> > and it will automatically add SAN's for those domains in the CSR.
> >
> > Expressway-E will also automatically add all domains to the CSR.
> >
> > On Mon, Mar 30, 2020 at 4:07 PM Jonatan Quezada
> > <jonatan.quezada at chemeketa.edu <mailto:jonatan.quezada at chemeketa.edu>>
> > wrote:
> >
> > Brian, How challenging was it to do the jabber on all three domains?
> >
> > Where do you need the multiDomain cert, on the VCS-edge connector
> > right? Im looking to see what it would take to get this going for
> > our remote workers even though it seems
> > like there are few things to make sure are in place first.
> >
> > for so far its the :
> >
> > certs for dual domain- how
> > provision jabber users
> >
> >
> > On Mon, Mar 30, 2020 at 12:28 PM Brian Meade <bmeade90 at vt.edu
> > <mailto:bmeade90 at vt.edu>> wrote:
> >
> > I was originally going to go with that wildcard option but this
> > customer has 3 different presence domains to match their email
> > domains which makes the CUP-XMPP cert more complicated.
> >
> > This is my personal email so no access to InCommon certificates
> > unfortunately.
> >
> > On Mon, Mar 30, 2020 at 2:59 PM Matthew Ballard
> > <mballard at otis.edu <mailto:mballard at otis.edu>> wrote:
> >
> > We used to use DigiCert Wildcard which offers that (where
> > you can issue multiple certificates with different private
> > keys from the same wildcard cert/purchase).____
> >
> > __ __
> >
> > We switched to using InCommon certificates, which it looks
> > like your University also subscribes to. You should be able
> > to get them internally from whomever licensed that there, as
> > it’s a flat fee service for unlimited certificates.____
> >
> > __ __
> >
> > Matthew Ballard____
> >
> > Director of Technology Infrastructure____
> >
> > Information Systems____
> >
> > Otis College of Art and Design____
> >
> > mballard at otis.edu <mailto:mballard at otis.edu>____
> >
> > __ __
> >
> > __ __
> >
> > __ __
> >
> > *From:*cisco-voip <cisco-voip-bounces at puck.nether.net
> > <mailto:cisco-voip-bounces at puck.nether.net>> *On Behalf Of
> > *Brian Meade
> > *Sent:* Monday, March 30, 2020 11:42 AM
> > *To:* cisco-voip voyp list <cisco-voip at puck.nether.net
> > <mailto:cisco-voip at puck.nether.net>>
> > *Subject:* [cisco-voip] Cost-Effective Public Certificate
> > Authority for CUCM certificates____
> >
> > __ __
> >
> > Does anyone know of any public certificate authorities that
> > have cheaper multi-server SAN certificate options? I had
> > seen some in the past that let you buy a wildcard and then
> > can submit CSR's against that still but having trouble
> > finding that now.____
> >
> > __ __
> >
> > Trying to avoid buying 4 multi-server certificates to cover
> > CUCM Tomcat/Unity Connection Tomcat/UCCX Tomcat/IM&P
> > XMPP.____
> >
> > _______________________________________________
> > cisco-voip mailing list
> > cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
> > https://puck.nether.net/mailman/listinfo/cisco-voip
> > <https://puck.nether.net/mailman/listinfo/cisco-voip>
> >
> >
> >
> > --
> > During this time of remote work, There will be the need for
> > connectivity to other devices such as a cell phone. If you require
> > assistance forwarding your desk phone to a remote cell or message
> > phone, please email with desk number and where we are forwarding
> > calls. I can do these remotely.
> >
> > Johnny Q
> > Voice Technology Analyst II
> > Chemeketa Community College
> > Johnny.Q at chemeketa.edu <mailto:Johnny.Q at chemeketa.edu>
> > Building 22 Room 130
> > Work 5033995294
> > Cell 5035769873
> > FAX 5033995549
>
> >
> >
> > _______________________________________________
> > cisco-voip mailing list
> > cisco-voip at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-voip
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20220221/b17eec24/attachment.htm>
More information about the cisco-voip
mailing list