<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">You can set it here, but I don’t know if I’ve seen the SANs(alternatehostname) used when generating the CSR, I think I’ve only seen them used with the self signed cert.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">admin:set web-security ?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">Syntax:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">set web-security orgunit orgname locality state<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">orgunit mandatory organizational unit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">orgname mandatory organizational name<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">locality mandatory location of organization<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">state mandatory state of organization<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">country optional country code can not be changed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1F497D">alternatehostname optional alternate host name<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In the screen shots, I include the text to add the SANs that you want for the cert. I believe in the cases of a Unity Connection server, you need to include
the cluster SANs as well, because this overwrites the SANs in the CSR. (I think)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">-Nate<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net]
<b>On Behalf Of </b>Nate VanMaren<br>
<b>Sent:</b> Wednesday, December 05, 2012 11:11 AM<br>
<b>To:</b> Erick Wellnitz; cisco-voip<br>
<b>Subject:</b> Re: [cisco-voip] CUCM Certificate question<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Generate CSR from OS Administration</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><img width="619" height="330" id="Picture_x0020_7" src="cid:image001.png@01CDD2DB.C8DC8B60" alt="Machine generated alternative text: Generate CSR
:6 Generate Certificate Signing Request - Windows Internet Explorer S
Generate Certificate Signing Request
Generate CSR Close
Status
r® Success: Certificate Signing Request Generated
r Generate certificate Signing Request
Lrtificate Name* tomcat w
— [ Generate CSR j [ Close j
n"><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Download the CSR</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><img width="622" height="326" id="Picture_x0020_6" src="cid:image002.png@01CDD2DB.C8DC8B60" alt="Machine generated alternative text: Download CSR
Download Certificate Signing Request - Windows Internet Explorer
Download Certificate Signing Request 7’
Download CSR Close
Status
Certificate names not listed below do not have a corresponding CSR
r Download Certificate Signing Request
[ Certificate Name* tomcat
_________________ [ Close"><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Login to your CA</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><img width="188" height="43" id="Picture_x0020_5" src="cid:image003.png@01CDD2DB.C8DC8B60" alt="Machine generated alternative text: Select a task:
Reauest a certificate"><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Then:</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><img width="475" height="60" id="Picture_x0020_4" src="cid:image004.png@01CDD2DB.C8DC8B60" alt="Machine generated alternative text: Submit a certificate request by using a base-64-encoded CMC or
PKCS #10 file, or submit a renewal request by using a base-64-
encoded PKCS #7 file."><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Paste the contents of the CSR in the request area.</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Select Web Server</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Put in the additional Attributes for the SAN, IP, short and long hostname, and cluster name for load balanace</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">san:dns=5.5.5.5&dns=asiavp1&dns=asiavp1.ldschurch.org&dns=asiavp&dns=asiavp.ldschurch.org</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><img width="528" height="475" id="Picture_x0020_3" src="cid:image005.png@01CDD2DB.C8DC8B60" alt="Machine generated alternative text: Submit a Certificate Request or Renewal Request
To submit a saved request to the CA, paste a base-64-encoded CMC or P
generated by an external source (such as a Web server) in the Saved Requ
Saved Request:
A6VvFrULJIisGTxYmAwnkOmfWðlVaN6SOIPOytx/ a
Base-64-encoded F5 sovø fhJAtntinGCVg4HEFB+GJslpH6x/U+4n6W
certificate request a2 j xnpsbp 6GcdDlXnxa4 lLFWrsXðygoTtZrlpI 3m
(CMC or B1LBjEpMA1VvnWRtrn]ctCug=
PKCS #10 or END CERTIFICATE REQUEST [i
PKCS #7): _____
,,, I.
Certificate Template:
Web Server
‘r
Additional Attributes:
siavm&dnsasiavm. ldschurch. org
Attributes:
4 n,
Submit>"><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Download the Cert Chain.</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><img width="373" height="93" id="Picture_x0020_2" src="cid:image006.png@01CDD2DB.C8DC8B60" alt="Machine generated alternative text: e DEP encoded or Base 64 encoded
•.. Download certificate
Download certificate chain"><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Upload to CM</span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><img width="649" height="368" id="Picture_x0020_1" src="cid:image007.png@01CDD2DB.C8DC8B60" alt="Machine generated alternative text: Upload Certif icateftDertif icate chain Generate CSR Download CSR
é Upload Certificate/Certificate chain - Windows Internet Explorer
Uplodd Certificdte/Certificdte chdin g — r
Upload File Close
Status
Status: Ready
Upload Certificate/Certificate chain
Certificate Name* tomcat
Description jself-signed certificate
Upload File C:\tftp\asiavpl,p7b __________
— [ Upload File ] [ Close j"><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a> [<a href="mailto:cisco-voip-bounces@puck.nether.net">mailto:cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Erick Wellnitz<br>
<b>Sent:</b> Wednesday, December 05, 2012 9:24 AM<br>
<b>To:</b> cisco-voip<br>
<b>Subject:</b> [cisco-voip] CUCM Certificate question</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">CUCM 8.6.2<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">MS internal certificate services<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">What I need to do is generate a certificate with three subject alternative names. So far, I haven't been able to get my generated cert to work. The self signed cert is still being used. Anyone ever made this kind of thing work? I have
had it working by using the csr but that doesn't allow me to add the needed SANs.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Any ideas would be much appreciated!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#666666"><br>
<br>
NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact
the sender by reply email and destroy all copies of the original message.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#666666"><o:p> </o:p></span></p>
</div>
</div>
<DIV>
<p class=MsoNormal><span style='font-size:7.0pt';font-family:'"Helvetica","Tahoma","Arial","sans-serif"'><font color="#666666"><br><br> NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.</span><o:p></o:p></span></p><BR>
</DIV></body>
</html>