<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
The requirement of the CN being in the SAN is a browser thing, not a server issue. It’s also going to be a CA requirement going forward if you buy certs from external CAs.
<div class=""><br class="">
<div class="">-Ryan </div>
<br class="">
<div>
<div class="">On May 27, 2015, at 7:29 AM, Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" class="">MLoraditch@heliontechnologies.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)" class="">
<style class=""><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div lang="EN-US" link="blue" vlink="purple" class="">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class="">That makes sense, but I know I’ve done this before w/o issue, albeit I may not have been at precisely the version this server was at in this scenario
(single server 10.5.2SU1).<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class=""> </span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class="">Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA<br class="">
Network Engineer<br class="">
Direct Voice: 443.541.1518</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class=""><br class="">
<br class="">
<o:p class=""></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class=""><a href="https://www.facebook.com/heliontech?ref=hl" class=""><span style="font-size:8.0pt" class="">Facebook</span></a></span><span style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class="">
| </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class=""><a href="https://twitter.com/HelionTech" class=""><span style="font-size:8.0pt" class="">Twitter</span></a></span><span style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class="">
| </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class=""><a href="https://www.linkedin.com/company/helion-technologies?trk=top_nav_home" class=""><span style="font-size:8.0pt" class="">LinkedIn</span></a></span><span style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class="">
| </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class=""><a href="https://plus.google.com/+Heliontechnologies/posts" class=""><span style="font-size:8.0pt" class="">G+</span></a><o:p class=""></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D" class=""> </span></p>
<p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""> Andrew Grech [<a href="mailto:agrech88@gmail.com" class="">mailto:agrech88@gmail.com</a>]
<br class="">
<b class="">Sent:</b> Wednesday, May 27, 2015 6:18 AM<br class="">
<b class="">To:</b> Matthew Loraditch<br class="">
<b class="">Cc:</b> Ryan Ratliff (rratliff); cisco-voip voyp list<br class="">
<b class="">Subject:</b> Re: [cisco-voip] Very Strange SSL Issue...<o:p class=""></o:p></span></p>
<p class="MsoNormal"><o:p class=""> </o:p></p>
<div class="">
<p class="MsoNormal">When issuing certs with SANS the CN needs to included as a SAN. FYI<o:p class=""></o:p></p>
</div>
<div class="">
<p class="MsoNormal"><o:p class=""> </o:p></p>
<div class="">
<p class="MsoNormal">On Wed, May 27, 2015 at 6:57 AM, Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" class="">MLoraditch@heliontechnologies.com</a>> wrote:<o:p class=""></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in" class="">
<div class="">
<div class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D" class="">The only SAN was the root of the domain name.. but I removed that and now it works. Oddest thing I’ve seen in a while..</span><o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D" class=""> </span><o:p class=""></o:p></p>
<div class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="font-size:10.0pt;color:#1F497D" class="">Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA<br class="">
Network Engineer<br class="">
Direct Voice: 443.541.1518</span><o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D" class=""><a href="https://www.facebook.com/heliontech?ref=hl" target="_blank" class=""><span style="font-size:8.0pt" class="">Facebook</span></a></span><span style="font-size:8.0pt;color:#1F497D" class="">
| </span><span style="color:#1F497D" class=""><a href="https://twitter.com/HelionTech" target="_blank" class=""><span style="font-size:8.0pt" class="">Twitter</span></a></span><span style="font-size:8.0pt;color:#1F497D" class=""> |
</span><span style="color:#1F497D" class=""><a href="https://www.linkedin.com/company/helion-technologies?trk=top_nav_home" target="_blank" class=""><span style="font-size:8.0pt" class="">LinkedIn</span></a></span><span style="font-size:8.0pt;color:#1F497D" class="">
| </span><span style="color:#1F497D" class=""><a href="https://plus.google.com/+Heliontechnologies/posts" target="_blank" class=""><span style="font-size:8.0pt" class="">G+</span></a></span><o:p class=""></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D" class=""> </span><o:p class=""></o:p></p>
<div class="">
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in" class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b class="">From:</b> Ryan Ratliff (rratliff) [mailto:<a href="mailto:rratliff@cisco.com" target="_blank" class="">rratliff@cisco.com</a>]
<br class="">
<b class="">Sent:</b> Thursday, May 21, 2015 2:41 PM<br class="">
<b class="">To:</b> Matthew Loraditch<br class="">
<b class="">Cc:</b> cisco-voip voyp list<br class="">
<b class="">Subject:</b> Re: [cisco-voip] Very Strange SSL Issue...<o:p class=""></o:p></p>
</div>
</div>
<div class="">
<div class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Check and see if the CN is also a SAN. I’ve seen recent browsers that ignore CN if any SAN is present.
<o:p class=""></o:p></p>
<div class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
<div class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">-Ryan
<o:p class=""></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
<div class="">
<div class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On May 20, 2015, at 1:31 PM, Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" class="">MLoraditch@heliontechnologies.com</a>> wrote:<o:p class=""></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
<div class="">
<div class="">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Has anyone ever seen where you put a cert on CUCM/CUCXN/IM&P and the Subject name matches but your browser insists it doesn’t? I can’t figure this out. I checked as best I could
for spaces like mentioned in Lelio’s recent thread about a CSR and I have no indication of that.<o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I honestly don’t have a clue where to go, it’s not really a server issue as the server is just presenting the cert I installed, but I have it on both UCxn and CCM/IM&P. I can’t
believe I put an errant space on both servers…<o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="font-size:10.0pt" class="">Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA<br class="">
Network Engineer<br class="">
Direct Voice: 443.541.1518</span><br class="">
<br class="">
<o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://www.facebook.com/heliontech?ref=hl" target="_blank" class=""><span style="font-size:8.0pt" class="">Facebook</span></a><span style="font-size:8.0pt" class=""> |
</span><a href="https://twitter.com/HelionTech" target="_blank" class=""><span style="font-size:8.0pt" class="">Twitter</span></a><span style="font-size:8.0pt" class=""> |
</span><a href="https://www.linkedin.com/company/helion-technologies?trk=top_nav_home" target="_blank" class=""><span style="font-size:8.0pt" class="">LinkedIn</span></a><span style="font-size:8.0pt" class=""> |
</span><a href="https://plus.google.com/+Heliontechnologies/posts" target="_blank" class=""><span style="font-size:8.0pt" class="">G+</span></a><o:p class=""></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">_______________________________________________<br class="">
cisco-voip mailing list<br class="">
<a href="mailto:cisco-voip@puck.nether.net" target="_blank" class="">cisco-voip@puck.nether.net</a><br class="">
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank" class="">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p class=""></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p class=""></o:p></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br class="">
_______________________________________________<br class="">
cisco-voip mailing list<br class="">
<a href="mailto:cisco-voip@puck.nether.net" class="">cisco-voip@puck.nether.net</a><br class="">
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank" class="">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p class=""></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p class=""> </o:p></p>
</div>
</div>
</div>
</div>
</div>
<br class="">
</div>
</body>
</html>