<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body>

<div>

<div>

<div style="direction: ltr;">I think CSR 14 is supposed to deal with simplicity of certificate operations</div>

</div>

<div><br>

</div>

<div class="ms-outlook-ios-signature">Get <a href="https://aka.ms/o0ukef">Outlook for iOS</a></div>

</div>

<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td style="padding:0 10px 0 0;"> </td><td align="left" style="padding:10px 0 10px 10px;vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:14.67px;color:#F3800B;font-style:normal;font-weight:700;white-space:nowrap;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;">Matthew Loraditch<span style="font-family:remialcxesans;font-size:1px;color:#FFFFFF;line-height:1px;"></span></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:700;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;">Sr. Network Engineer</td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">p:</span> <a href="tel:443.541.1518" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">443.541.1518</strong></a></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#808080;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">w:</span> <a href="http://www.heliontechnologies.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">www.heliontechnologies.com</strong></a></td><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"> | </td><td align="left" style="vertical-align:top;font-family:Calibri,Arial,sans-serif;"><span style="color:#F3800B;">e:</span> <a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#808080;"><strong style="font-weight:400;">MLoraditch@heliontechnologies.com</strong></a></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="vertical-align:bottom;"><a href="http://www.heliontechnologies.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image300340.png@F10D5704.BFB39F8D" width="300" height="75" border="0" title="Helion Technologies" alt="Helion Technologies" style="width:300px;min-width:300px;max-width:300px;height:75px;min-height:75px;max-height:75px;font-size:12px;" /></a></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="vertical-align:top;"><a href="https://facebook.com/heliontech" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image515247.png@861250F5.BE5F2815" width="18" height="18" border="0" title="Facebook" alt="Facebook" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="padding:0 3px 0 0;vertical-align:top;"><a href="https://twitter.com/heliontech" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image403221.png@99E4240D.5CBD59D3" width="18" height="18" border="0" title="Twitter" alt="Twitter" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="center" style="padding:0 3px 0 0;vertical-align:top;"><a href="https://www.linkedin.com/company/helion-technologies" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image067129.png@4D750BA2.65ACD0C7" width="18" height="18" border="0" title="LinkedIn" alt="LinkedIn" style="width:18px;min-width:18px;max-width:18px;height:18px;min-height:18px;max-height:18px;font-size:12px;" /></a></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></div><hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> cisco-voip <cisco-voip-bounces@puck.nether.net> on behalf of Hunter Fuller <hf0002@uah.edu><br>

<b>Sent:</b> Wednesday, March 4, 2020 1:55:50 PM<br>

<b>To:</b> Lelio Fulgenzi <lelio@uoguelph.ca><br>

<b>Cc:</b> Norton, Mike <mikenorton@pwsd76.ab.ca>; voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net><br>

<b>Subject:</b> Re: [cisco-voip] [External] Re: certificate renewals - 1 year only - due to Apple changes</font>

<div> </div>

</div>

<div>

<p></p>

<div style="background-color:#FFEB9C; width:100%; border-style:solid; border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; line-height:12pt; font-family:'Calibri'; color:Black; text-align:left">

<span style="color:#9C6500">[EXTERNAL]</span></div>

<br>

<p></p>

<div>

<div dir="ltr">Is it possible to install a cert via API? If that works, we can do this from an admin machine, whether or not the Cisco service (for instance CUCM) supports it.<br clear="all">

<div>

<div>

<div dir="ltr" class="x_gmail_signature">

<div dir="ltr">

<div><br>

--<br>

Hunter Fuller<br>

Router Jockey<br>

VBH Annex B-5<br>

+1 256 824 5331<br>

<br>

Office of Information Technology<br>

The University of Alabama in Huntsville<br>

Network Engineering</div>

</div>

</div>

</div>

<br>

</div>

</div>

<br>

<div class="x_gmail_quote">

<div dir="ltr" class="x_gmail_attr">On Wed, Mar 4, 2020 at 12:46 PM Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a>> wrote:<br>

</div>

<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">

<div lang="EN-US">

<div class="x_gmail-m_4810002347852098479WordSection1">

<p class="x_MsoNormal">Unfortunately, I can’t justify a telephone system upgrade for the sake of auto-renewal of certificates.

<span style="font-family:"Segoe UI Emoji",sans-serif">☹</span><u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">CUCM v11.5 has yet to be announced EOL. (Please Please Please don’t happen tomorrow).

<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">This means we’ve got at least 5 more years to plan accordingly.<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">Will they issue an SU to support let’s encrypt? Let’s hope so!<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<div>

<div style="border-color:rgb(225,225,225) currentcolor currentcolor; border-style:solid none none; border-width:1pt medium medium; padding:3pt 0in 0in">

<p class="x_MsoNormal"><b>From:</b> Norton, Mike <<a href="mailto:mikenorton@pwsd76.ab.ca" target="_blank">mikenorton@pwsd76.ab.ca</a>>

<br>

<b>Sent:</b> Wednesday, March 4, 2020 1:38 PM<br>

<b>To:</b> Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>>; voyp list, cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>) <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>

<b>Subject:</b> RE: certificate renewals - 1 year only - due to Apple changes<u></u><u></u></p>

</div>

</div>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal"><span lang="EN-CA" style="color:rgb(31,73,125)">If two years from now, a product that needs public certificates still doesn’t support automated renewals, then it’s a terrible product you should have migrated away from two years earlier.

 The writing has been on the wall for a long time. But even for developers who’ve had their heads in sand, two years is still plenty of time for them to get a clue. ;-)<br>

<br>

-mn<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" style="color:rgb(31,73,125)"><u></u> <u></u></span></p>

<div>

<div style="border-color:rgb(225,225,225) currentcolor currentcolor; border-style:solid none none; border-width:1pt medium medium; padding:3pt 0in 0in">

<p class="x_MsoNormal"><b>From:</b> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>>

<b>On Behalf Of </b>Lelio Fulgenzi<br>

<b>Sent:</b> March 4, 2020 10:52 AM<br>

<b>To:</b> voyp list, cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>) <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>

<b>Subject:</b> [cisco-voip] certificate renewals - 1 year only - due to Apple changes<u></u><u></u></p>

</div>

</div>

<p class="x_MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">So, we’ve gotten word that Apple is thinking of “accepting/trusting” only certs that are 13 months old or less.<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal"><a href="https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/" target="_blank">https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/</a><u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">This is a bit of a drag on Jabber deployments due to so many certs being needed.<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">From what I’ve seen, only Expressway supports auto-renew like let’s encrypt.<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">From the article, it seems:<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">"Certificates issued prior to September 1 will have the same acceptable duration as certificates do today, which is 825 days. No action is required for these certificates."<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">I’m guessing it if says Safari, it’s any cert used by an apple device, since the safari engine is used throughout, right?<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">We’re planning on renewing soon, so we should be good to go with 2 years.<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">But the future?<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

<p class="x_MsoNormal">What are others planning on doing?<u></u><u></u></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

</div>

</div>

_______________________________________________<br>

cisco-voip mailing list<br>

<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>

<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>

</blockquote>

</div>

</div>

</div>

</body>

</html>