<div style="white-space:pre-wrap">If you don't want Jabber to throw a cert warning, you're going to need to change all IP addresses referenced liked that to FQDN. you can change the CUC one inside of CUCM under User Mgmt > User Settings > UC Service. </div><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 11, 2015 at 3:58 PM Michael David <<a href="mailto:mdavid@sps186.org">mdavid@sps186.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div>For now I'm going to cross my fingers on the upper/lower case issue. Right now we're using 10.5(2)SU1. </div><div><br></div><div>I started with Unity; changed the CN to "<a href="http://vunity.sps186.org" target="_blank">vunity.sps186.org</a>" and let the SANs auto-populate with the pub/sub etc. Certs created fine, installed fine. Restarted tomcat, and now SSL is looking good when accessing the console. After a few minutes, Jabber connected without any errors (despite the fact that the config shows the IP rather than a hostname..)</div><div><br></div><div>Going to try the CUCM cluster now.</div><div><br></div><div>Thanks, Anthony and Ryan!</div></div><div style="word-wrap:break-word"><div><br></div><div>Michael</div></div><div style="word-wrap:break-word"><div><br></div><br><div><blockquote type="cite"><div>On Sep 11, 2015, at 2:54 PM, Anthony Holloway <<a href="mailto:avholloway+cisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@gmail.com</a>> wrote:</div><br><div><div dir="ltr">It was actually your session at Cisco Live this year Ryan, where I learned about MS certs and the suffix. ;) I pulled the slide deck up for reference a weeks ago when I was working with COMODO CA.</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 11, 2015 at 2:30 PM Ryan Ratliff (rratliff) <<a href="mailto:rratliff@cisco.com" target="_blank">rratliff@cisco.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">
I just generated a Tomcat MS CSR without the -ms with no issue on 11.0.
<div><br>
</div>
<div>On the case thing as long as you are on the latest SU you should be fine. There have been defects related to case validation on certs (CSCuu69964 for example) but you should be ok.</div>
<div></div></div><div style="word-wrap:break-word"><div><br>
<div>-Ryan </div></div></div><div style="word-wrap:break-word"><div>
<br>
<div>
<div>On Sep 11, 2015, at 1:49 PM, Michael David <<a href="mailto:mdavid@sps186.org" target="_blank">mdavid@sps186.org</a>> wrote:</div>
<br>
<div>
<div style="word-wrap:break-word">
Greetings,
<div><br>
</div>
<div>When I generate the SAN CSRs, the server sets the common name to, for example,
<a href="http://vunity1.sps186.org/" target="_blank">VUNITY1.sps186.org</a>-ms - the "-ms" being added automatically to the end. All the SANs in the list correspond to the actual hostnames and domain name. Can I change this CN to remove the -ms? GoDaddy isn't allowing
the cert to be created because the CN isn't a FQDN. Not sure if the CUCM/Unity stuff needs the -ms for its own uses.</div>
<div><br>
</div>
<div>Furthermore, our vendor set the hostnames to, for exmple, VUNITY1, VUCM1, etc rather than vunity1, vucm1. GoDaddy changed the case from CSRs from the uppercase format to the lowercase format. If the certs generate with the lowercase-only names,
will they still function on the cluster with the cluster hostnames uppercase?</div>
<div><br>
</div>
<div>Thanks in advance,</div>
<div>Michael<br>
<div><span style="border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
<br>
--</div>
<div style="word-wrap:break-word">
Michael A. David, CCNA </div>
<div style="word-wrap:break-word">
Springfield Public Schools</div>
<div style="word-wrap:break-word">
Technology Service Center</div>
<div style="word-wrap:break-word">
217.585.5802 ext. 85114</div>
<div style="word-wrap:break-word">
217.585.5809 (FAX)</div>
</span></div>
<br>
</div>
</div>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</div>
</div>
<br>
</div></div>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div>
</div></blockquote></div><br><div>
<span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word"><br>--</div><div style="word-wrap:break-word">Michael A. David, CCNA </div><div style="word-wrap:break-word">Springfield Public Schools</div><div style="word-wrap:break-word">Technology Service Center</div><div style="word-wrap:break-word">217.585.5802 ext. 85114</div><div style="word-wrap:break-word">217.585.5809 (FAX)</div></span>
</div>
<br></div></blockquote></div>