<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">For now I'm going to cross my fingers on the upper/lower case issue. Right now we're using 10.5(2)SU1. </div><div class=""><br class=""></div><div class="">I started with Unity; changed the CN to "<a href="http://vunity.sps186.org" class="">vunity.sps186.org</a>" and let the SANs auto-populate with the pub/sub etc. Certs created fine, installed fine. Restarted tomcat, and now SSL is looking good when accessing the console. After a few minutes, Jabber connected without any errors (despite the fact that the config shows the IP rather than a hostname..)</div><div class=""><br class=""></div><div class="">Going to try the CUCM cluster now.</div><div class=""><br class=""></div><div class="">Thanks, Anthony and Ryan!</div><div class=""><br class=""></div><div class="">Michael</div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 11, 2015, at 2:54 PM, Anthony Holloway <<a href="mailto:avholloway+cisco-voip@gmail.com" class="">avholloway+cisco-voip@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">It was actually your session at Cisco Live this year Ryan, where I learned about MS certs and the suffix. ;) I pulled the slide deck up for reference a weeks ago when I was working with COMODO CA.</div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Fri, Sep 11, 2015 at 2:30 PM Ryan Ratliff (rratliff) <<a href="mailto:rratliff@cisco.com" class="">rratliff@cisco.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word" class="">
I just generated a Tomcat MS CSR without the -ms with no issue on 11.0.
<div class=""><br class="">
</div>
<div class="">On the case thing as long as you are on the latest SU you should be fine. There have been defects related to case validation on certs (CSCuu69964 for example) but you should be ok.</div>
<div class=""></div></div><div style="word-wrap:break-word" class=""><div class=""><br class="">
<div class="">-Ryan </div></div></div><div style="word-wrap:break-word" class=""><div class="">
<br class="">
<div class="">
<div class="">On Sep 11, 2015, at 1:49 PM, Michael David <<a href="mailto:mdavid@sps186.org" target="_blank" class="">mdavid@sps186.org</a>> wrote:</div>
<br class="">
<div class="">
<div style="word-wrap:break-word" class="">
Greetings,
<div class=""><br class="">
</div>
<div class="">When I generate the SAN CSRs, the server sets the common name to, for example,
<a href="http://vunity1.sps186.org/" target="_blank" class="">VUNITY1.sps186.org</a>-ms - the "-ms" being added automatically to the end. All the SANs in the list correspond to the actual hostnames and domain name. Can I change this CN to remove the -ms? GoDaddy isn't allowing
the cert to be created because the CN isn't a FQDN. Not sure if the CUCM/Unity stuff needs the -ms for its own uses.</div>
<div class=""><br class="">
</div>
<div class="">Furthermore, our vendor set the hostnames to, for exmple, VUNITY1, VUCM1, etc rather than vunity1, vucm1. GoDaddy changed the case from CSRs from the uppercase format to the lowercase format. If the certs generate with the lowercase-only names,
will they still function on the cluster with the cluster hostnames uppercase?</div>
<div class=""><br class="">
</div>
<div class="">Thanks in advance,</div>
<div class="">Michael<br class="">
<div class=""><span style="border-collapse:separate;border-spacing:0px" class="">
<div style="word-wrap:break-word" class="">
<br class="">
--</div>
<div style="word-wrap:break-word" class="">
Michael A. David, CCNA </div>
<div style="word-wrap:break-word" class="">
Springfield Public Schools</div>
<div style="word-wrap:break-word" class="">
Technology Service Center</div>
<div style="word-wrap:break-word" class="">
217.585.5802 ext. 85114</div>
<div style="word-wrap:break-word" class="">
217.585.5809 (FAX)</div>
</span></div>
<br class="">
</div>
</div>
_______________________________________________<br class="">
cisco-voip mailing list<br class="">
<a href="mailto:cisco-voip@puck.nether.net" target="_blank" class="">cisco-voip@puck.nether.net</a><br class="">
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank" class="">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br class="">
</div>
</div>
<br class="">
</div></div>
_______________________________________________<br class="">
cisco-voip mailing list<br class="">
<a href="mailto:cisco-voip@puck.nether.net" target="_blank" class="">cisco-voip@puck.nether.net</a><br class="">
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank" class="">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br class="">
</blockquote></div>
</div></blockquote></div><br class=""><div class="">
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class="Apple-interchange-newline">--</div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Michael A. David, CCNA </div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Springfield Public Schools</div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Technology Service Center</div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">217.585.5802 ext. 85114</div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">217.585.5809 (FAX)</div></span>
</div>
<br class=""></body></html>