<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16915" name=GENERATOR><!--[if !mso]>
<STYLE>v\:* {
BEHAVIOR: url(#default#VML)
}
o\:* {
BEHAVIOR: url(#default#VML)
}
w\:* {
BEHAVIOR: url(#default#VML)
}
.shape {
BEHAVIOR: url(#default#VML)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
font-family: Cambria Math;
}
@font-face {
font-family: Calibri;
}
@font-face {
font-family: Tahoma;
}
@font-face {
font-family: Consolas;
}
@font-face {
font-family: Verdana;
}
@font-face {
font-family: Times;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
P {
FONT-SIZE: 12pt; MARGIN-LEFT: 0in; MARGIN-RIGHT: 0in; FONT-FAMILY: "Times New Roman","serif"; mso-style-priority: 99; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto
}
PRE {
FONT-SIZE: 10pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Courier New"; mso-style-priority: 99; mso-style-link: "HTML Preformatted Char"
}
SPAN.HTMLPreformattedChar {
FONT-FAMILY: Consolas; mso-style-priority: 99; mso-style-link: "HTML Preformatted"; mso-style-name: "HTML Preformatted Char"
}
SPAN.EmailStyle21 {
COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
.MsoChpDefault {
FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=027291521-24112009><FONT face=Arial
color=#0000ff size=2>Given that they're all domain-joined machines, and the CA
server is a DC, then yes, all domain workstations should
trust a certificate offered by the tomcat server and signed by their
own DC.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=027291521-24112009><FONT face=Arial
color=#0000ff size=2>Same as with using Outlook Web Access on
IIS.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=027291521-24112009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=027291521-24112009></SPAN><SPAN
class=027291521-24112009><FONT face=Arial color=#0000ff size=2>I'm just having
trouble getting the CSR to be enrolled to get a certificate back to import into
the tomcat server on UCM</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=027291521-24112009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>Tim Reimers</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Systems Analyst II</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Information Technology
Services</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>City of Asheville</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>70 Court Plaza</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Asheville, NC 28801</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>phone - 828-259-5512</FONT></DIV>
<DIV align=left><FONT face=Arial size=2><A
href="mailto:timreimers@ashevillenc.gov">treimers@ashevillenc.gov</A></FONT></DIV>
<DIV> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Jason Aarons (US)
[mailto:jason.aarons@us.didata.com] <BR><B>Sent:</B> Tuesday, November 24, 2009
4:16 PM<BR><B>To:</B> Tim Reimers; ROZA, Ariel; Carter, Bill;
cisco-voip@puck.nether.net<BR><B>Subject:</B> RE: [cisco-voip] Self-Signed
Certificates on CallManager<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'">The
question is does your browser trust whatever certificate you put in your
CallManager. If you don’t use something trusted by your browser (doesn’t
have to be public) then you’ll need to look at your Trusted Root and/or
push out trust info, or have end users manually accept the certificate (which in
a large network would be realistic).<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net]
<B>On Behalf Of </B>Tim Reimers<BR><B>Sent:</B> Tuesday, November 24, 2009 4:03
PM<BR><B>To:</B> ROZA, Ariel; Carter, Bill;
cisco-voip@puck.nether.net<BR><B>Subject:</B> Re: [cisco-voip] Self-Signed
Certificates on CallManager<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">I've
been working on just generating CSRs to use with my own Microsoft CA
server.</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">No need
IMO for a pubic CA issuer, since nothing on your UCM is going to be viewed by
the general public anyway.</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">From the
UCM Security Guide for version 6.11:</SPAN><o:p></o:p></P>
<P><B><SPAN
style="FONT-SIZE: 18pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">"Support
for Certificates from External CAs</SPAN></B><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p></o:p></SPAN></B></P>
<P><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Times','serif'">Cisco Unified
Communications Manager supports integration with third-party certificate
authorities (CAs) by using a PKCS#10 certificate signing request (CSR)
mechanism, which is accessible at the Cisco Unified Communications Operating
System Certificate Manager GUI. Customers who currently use third-party CAs
should use the CSR mechanism to issue certificates for Cisco Unified
Communications Manager, CAPF, IPSec, and Tomcat.</SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times','serif'"><o:p></o:p></SPAN></P>
<P style="MARGIN-LEFT: 2.5in"><B><SPAN
style="FONT-SIZE: 7.5pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">Note</SPAN></B><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Times','serif'">This release
of Cisco Unified Communications Manager does not provide SCEP interface
support.</SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Times','serif'">Cisco has
verified the PKCS#10 CSR support mechanism with these CAs: Keon and Microsoft.
Cisco has not verified certificate issuance with other external CAs that support
PKCS#10 CSRs.</SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p></o:p></SPAN></P>
<P><SPAN style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Times','serif'">Be
sure to run the CTL client after you upload a third-party, CA-signed certificate
to the platform to update the CTL file. After running the CTL client, restart
the appropriate service(s) for the update; for example, restart Cisco
CallManager and Cisco Tftp services when you update the Cisco Unified
Communications Manager certificate, restart CAPF when you update the CAPF
certificate, and so on. See "Configuring the Cisco CTL Client" section on page
3-1 for the update procedure.</SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p></o:p></SPAN></P>
<P><SPAN style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Times','serif'">For
information on generating Certificate Signing Requests (CSRs) at the platform,
refer to the <I>Cisco Unified Communications Operating System Administration
Guide </I>that supports this Cisco Unified Communications Manager
release."</SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p></o:p></SPAN></P>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">It looks to me like
I'll have to run the CTL Client after I install my CA
certificate.</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">One problem I'm
having is that my CA is not showing the Web Server template at the
http://mycaserver/cert.svc" URL</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">It's only showing
Basic EFS, IPSec, and User</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">I don't know if I
could use the User one.</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">The Web Server
template appears in the .msc applet, but when I submit my CSR from within the
.msc, an error tells me that my CSR from UCM/tomcat doesn't
contain info about which template to use</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">(as I could have
selected from the web interface, if Web Server template was
available)</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">So I'm a little
stumped as to how to submit the CSR without an embedded
template.</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Some people have said
"Just upgrade to Server 2003 Enterprise" --- that's not an option really --
costwise, I'm being told it's not that big a problem, and being asked why
Microsoft won't allow Standard to do this. Or I'm being told that since you can
get a CSR from IIS and do this with Standard 2003,
then Apache/tomcat on UCM should as well.</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">And TAC is no help --
they rarely understand Microsoft stuff -- and their test CAs are all
Enterprise.</SPAN><o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal> <o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Tim
Reimers</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Systems Analyst
II</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Information
Technology Services</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">City of
Asheville</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">70 Court
Plaza</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Asheville, NC
28801</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">phone -
828-259-5512</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><A
href="mailto:timreimers@ashevillenc.gov">treimers@ashevillenc.gov</A></SPAN><o:p></o:p></P>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center>
<HR align=center width="100%" SIZE=2>
</DIV>
<P class=MsoNormal style="MARGIN-BOTTOM: 12pt"><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net]
<B>On Behalf Of </B>ROZA, Ariel<BR><B>Sent:</B> Tuesday, November 24, 2009 3:23
PM<BR><B>To:</B> Carter, Bill; cisco-voip@puck.nether.net<BR><B>Subject:</B> Re:
[cisco-voip] Self-Signed Certificates on CallManager</SPAN><o:p></o:p></P>
<DIV id=idOWAReplyText8821>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Arial','sans-serif'">Bill,</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"> Although not
issued by a Public CA; you can make your browser accept the certificates of you
CCM as valid, and not display a warning.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"> Most modern
browser have an option to manually import the certificate in your computer´s
local certificate store. You usually see this option when handling an invalid
certificate.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"> For example,
in Internet Explorer 8, you can see the button "Certificate invalid" besides the
address bar after you click in the option ¨Continue to this website". If you
click this button, you will se a dialog that shows you the certificate in
question and allows you to import it.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Keep in mind that for
the certificate to be recognized as valid, you would have to access the CCM
server via its hostname and not it´s IP
Adress.</SPAN><o:p></o:p></P></DIV></DIV>
<DIV id=idSignature77901>
<DIV>
<TABLE class=MsoNormalTable style="WIDTH: 674.25pt" cellSpacing=0 cellPadding=0
width=899 border=0>
<TBODY>
<TR style="HEIGHT: 34.5pt">
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; PADDING-TOP: 0in; HEIGHT: 34.5pt"
vAlign=top></TD>
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; PADDING-TOP: 0in; HEIGHT: 34.5pt"
vAlign=top></TD></TR>
<TR style="HEIGHT: 0.25in">
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; WIDTH: 12.75pt; PADDING-TOP: 0in; HEIGHT: 0.25in"
vAlign=top width=17>
<P class=MsoNormal> <o:p></o:p></P></TD>
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; WIDTH: 661.5pt; PADDING-TOP: 0in; HEIGHT: 0.25in"
vAlign=top width=882>
<DIV>
<P class=MsoNormal><STRONG><SPAN
style="FONT-SIZE: 7.5pt; COLOR: #ff3300; FONT-FAMILY: 'Verdana','sans-serif'">ARIEL
ROZA</SPAN></STRONG><SPAN
style="FONT-SIZE: 7.5pt; COLOR: #666666; FONT-FAMILY: 'Verdana','sans-serif'"><BR></SPAN><STRONG><SPAN
style="FONT-SIZE: 7.5pt; COLOR: #333333; FONT-FAMILY: 'Verdana','sans-serif'">Service
Delivery Engineer</SPAN></STRONG><o:p></o:p></P></DIV></TD></TR>
<TR style="HEIGHT: 71.25pt">
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; WIDTH: 12.75pt; PADDING-TOP: 0in; HEIGHT: 71.25pt"
width=17>
<P class=MsoNormal> <o:p></o:p></P></TD>
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; WIDTH: 661.5pt; PADDING-TOP: 0in; HEIGHT: 71.25pt"
width=882>
<DIV>
<P class=MsoNormal><STRONG><SPAN
style="FONT-SIZE: 7.5pt; COLOR: #ff3300; FONT-FAMILY: 'Verdana','sans-serif'">LOGICALIS</SPAN></STRONG><SPAN
style="FONT-SIZE: 7.5pt; COLOR: #666666; FONT-FAMILY: 'Verdana','sans-serif'"><BR></SPAN><SPAN
style="FONT-SIZE: 7.5pt; COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'">Peru
327 1° Piso - C.A.B.A. - Argentina - C1063ACH<BR>Tel/Fax: +54 (11)
4344-0300<BR><U>ariel.roza@la.logicalis.com</U></SPAN><SPAN
style="FONT-SIZE: 7.5pt; FONT-FAMILY: 'Verdana','sans-serif'"><BR><U><SPAN
style="COLOR: purple">www.la.logicalis.com</SPAN><SPAN
style="COLOR: #ff3300"><BR></SPAN><SPAN
style="COLOR: purple">www.logicalisnow.com</SPAN></U></SPAN><o:p></o:p></P></DIV></TD></TR>
<TR style="HEIGHT: 46.5pt">
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; PADDING-TOP: 0in; HEIGHT: 46.5pt">
<P class=MsoNormal> <o:p></o:p></P></TD>
<TD
style="PADDING-RIGHT: 0in; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; PADDING-TOP: 0in; HEIGHT: 46.5pt"
vAlign=top>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 7.5pt; COLOR: green; FONT-FAMILY: 'Verdana','sans-serif'">Por
favor, piense en el medioambiente antes de imprimir este
email.</SPAN><SPAN
style="FONT-SIZE: 7.5pt; COLOR: #666666; FONT-FAMILY: 'Verdana','sans-serif'">
<BR></SPAN><SPAN
style="FONT-SIZE: 7.5pt; COLOR: #333333; FONT-FAMILY: 'Verdana','sans-serif'">La
presente información se envía únicamente para el destinatario, y contiene
información de carácter CONFIDENCIAL o PRIVLEGIADA.<BR>La modificación,
retransmisión, difusón, copia u otro uso de esta información por cualquier
medio, por personas distintas al destinatario, están estrictamente
prohibidas.</SPAN><o:p></o:p></P></TD></TR></TBODY></TABLE></DIV></DIV>
<DIV>
<P class=MsoNormal><o:p> </o:p></P>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center>
<HR align=center width="100%" SIZE=2>
</DIV>
<P class=MsoNormal style="MARGIN-BOTTOM: 12pt"><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"> Carter,
Bill<BR><B>Sent:</B> Sat 21/11/2009 19:52<BR><B>To:</B>
cisco-voip@puck.nether.net<BR><B>Subject:</B> [cisco-voip] Self-Signed
Certificates on CallManager</SPAN><o:p></o:p></P></DIV>
<DIV><PRE style="WORD-WRAP: break-word">I don't know much about certificates and CA....I understand web sites etc. that use SSL have registered their certificates with a CA. When we install CallManager it uses SSL with self-signed certificates. When web'ng into UCM the browsers display the a certificate error. I believe this is because the certificate is not registered with a recognized CA.<o:p></o:p></PRE><PRE> <o:p></o:p></PRE><PRE>I understand, if an organization already has a business relationship with a CA, a "valid" certificate can be loaded on UCM. Is it possible for Cisco to provide certificates on UCM that are registered with a CA so we don't get the browser errors? Or is it a requirement that the end user obtain valid certificates for their own servers? Like I said, I don't know the mechanics of how certificates work.<o:p></o:p></PRE><PRE> <o:p></o:p></PRE><PRE>Thanks,<o:p></o:p></PRE><PRE>Bill<o:p></o:p></PRE><PRE> <o:p></o:p></PRE><PRE> <o:p></o:p></PRE><PRE>_______________________________________________<o:p></o:p></PRE><PRE>cisco-voip mailing list<o:p></o:p></PRE><PRE>cisco-voip@puck.nether.net<o:p></o:p></PRE><PRE>https://puck.nether.net/mailman/listinfo/cisco-voip<o:p></o:p></PRE></DIV></DIV>
<P>
<HR SIZE=1>
<P></P>
<P><STRONG>Disclaimer: This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the designated
addressee(s) named above only. If you are not the intended addressee, you are
hereby notified that you have received this communication in error and that any
use or reproduction of this email or its contents is strictly prohibited and may
be unlawful. If you have received this communication in error, please notify us
immediately by replying to this message and deleting it from your computer.
Thank you. </STRONG></P></BODY></HTML>