<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Tandberg’s documentation also has you generating CSRs with 1024 bits which won’t be accepted…..stale documentation…<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.tandberg.com/collateral/documentation/Deployment_Guides/Cisco_VCS_Certificate_Creation_and_Use_Deployment_Guide.pdf">http://www.tandberg.com/collateral/documentation/Deployment_Guides/Cisco_VCS_Certificate_Creation_and_Use_Deployment_Guide.pdf</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Ryan Ratliff<br><b>Sent:</b> Friday, February 25, 2011 12:15 PM<br><b>To:</b> Mike King<br><b>Cc:</b> cisco-voip@puck.nether.net<br><b>Subject:</b> Re: [cisco-voip] CUCM 7.0.2 Generate CSR Tomcat 1024 to 2048<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>You don't get to pick what's used for the CSR, you just have to generate it and see what it's using.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>CUCM 8.0(3) generates 2048-bit CSRs for tomcat by 
default.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal>rratliff-mac:Desktop rratliff$ openssl req -text -noout -in tomcat.csr<o:p></o:p></p></div><div><p class=MsoNormal>Certificate Request:<o:p></o:p></p></div><div><p class=MsoNormal> Data:<o:p></o:p></p></div><div><p class=MsoNormal> Version: 0 (0x0)<o:p></o:p></p></div><div><p class=MsoNormal> Subject: CN=rratliff-cucm-8-pub.voip.rratliff.local, OU=TAC, O=Cisco, L=RTP, ST=NC, C=US<o:p></o:p></p></div><div><p class=MsoNormal> Subject Public Key Info:<o:p></o:p></p></div><div><p class=MsoNormal> Public Key Algorithm: rsaEncryption<o:p></o:p></p></div><div><p class=MsoNormal> RSA Public Key: (2048 bit)<o:p></o:p></p></div><div><p class=MsoNormal> Modulus (2048 bit):<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal><span style='font-family:"Helvetica","sans-serif"'>-Ryan<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Feb 25, 2011, at 11:46 AM, Mike King wrote:<o:p></o:p></p></div><p class=MsoNormal><br>No CA will issue a certificate of less than 2048 due to the NIST issuing recommendation <a href="http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf">http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf</a> that Sizes of less than 2048 not be accepted.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The Real traction to this is that Microsoft (and all browser makers (Opera, Mozilla, Chrome)) have stated they will remove All 1024 bit CA certs from their products as of December of 2010. 
(In support of the NIST deadline, detailed above)<o:p></o:p></p></div><div><p class=MsoNormal><a href="http://technet.microsoft.com/en-us/library/cc751157.aspx">http://technet.microsoft.com/en-us/library/cc751157.aspx</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I'm not sure how to get CUCM to generate a 2048 CSR.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Do these docs help?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch6.html#wp1046223">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch6.html#wp1046223</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secuview.html#wp1147888">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secuview.html#wp1147888</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>Mike<o:p></o:p></p><div><p class=MsoNormal>On Fri, Feb 25, 2011 at 11:28 AM, Jimhend FORTIN Dany &lt;<a href="mailto:jeterapres@hotmail.com">jeterapres@hotmail.com</a>&gt; wrote:<o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>Hello, <br> <br>I want to have a Tomcat SSL CSR signed by a recognized authority. But my file is not accepted because it seems to be in 1024 and most authorities agree that CSR Certification of 2048.<br><br>Is there a cheap company that accepts a CSR of 1024? 
Otherwise, how can CUCM generate a CSR of 2048?<br><br><span lang=EN>Thank you for your time</span><br> <br><span lang=EN>Dany</span><br><br>Jimhend <a href="mailto:jeterapres@hotmail.com" target="_blank">jeterapres@hotmail.com</a><br><br><o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>
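The check shown in the thread (reading the key size out of `openssl req -text -noout`), scripted so a CSR can be rejected locally before it goes to a CA. This is an added example, not part of the original messages; the function names, the `MIN_BITS` value and the sample subject are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a CSR's RSA key size before sending it to a CA.
MIN_BITS=2048   # assumed policy value, taken from the 2048-bit minimum discussed in the thread

# Print the RSA key size in bits; return 1 if the file is not a readable RSA CSR.
csr_key_bits() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' || return 1
    # The size label differs between OpenSSL releases:
    # "RSA Public Key:", "RSA Public-Key:" or "Public-Key:", each followed by "(N bit)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] || return 1
    printf '%s\n' "$bits"
}

# Exit status: 0 = key size acceptable, 1 = key too small, 2 = not a readable RSA CSR.
check_csr() {
    bits=$(csr_key_bits "$1") || { echo "$1: not a readable RSA CSR" >&2; return 2; }
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$1: $bits-bit RSA key is below the $MIN_BITS-bit minimum" >&2
        return 1
    fi
    echo "$1: $bits-bit RSA key"
}

# Constructed sample input: a throwaway CSR with a made-up subject; the private key is discarded.
make_sample_csr() {   # $1 = key size in bits, $2 = output file
    openssl req -new -newkey "rsa:$1" -nodes -keyout /dev/null \
        -subj "/CN=cucm-pub.example.test/O=Example/C=US" -out "$2" 2>/dev/null
}

# Demo, run only on request: sh check_csr.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    for size in 1024 2048; do
        make_sample_csr "$size" "$dir/tomcat-$size.csr"
        check_csr "$dir/tomcat-$size.csr"
    done
    rm -rf "$dir"
fi
```

For a CSR downloaded from the appliance, call `check_csr tomcat.csr` and act on the exit status.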