<div dir="ltr">Not that I have seen, but you could just pre-API the shit out of it with Python + Paramiko because the CLI has all the cert functions built-in.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 4, 2020 at 12:58 PM Hunter Fuller <<a href="mailto:hf0002@uah.edu">hf0002@uah.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Is it possible to install a cert via API? If that works, we can do this from an admin machine, whether or not the Cisco service (for instance CUCM) supports it.<br clear="all"><div><div><div dir="ltr"><div dir="ltr"><div><br>--<br>Hunter Fuller<br>Router Jockey<br>VBH Annex B-5<br>+1 256 824 5331<br><br>Office of Information Technology<br>The University of Alabama in Huntsville<br>Network Engineering</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 4, 2020 at 12:46 PM Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div>
<p class="MsoNormal">Unfortunately, I can’t justify a telephone system upgrade for the sake of auto-renewal of certificates.
<span style="font-family:"Segoe UI Emoji",sans-serif">☹</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">CUCM v11.5 has yet to be announced EOL. (Please Please Please don’t happen tomorrow).
<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">This means we’ve got at least 5 more years to plan accordingly.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Will they issue an SU to support let’s encrypt? Let’s hope so!<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0in 0in">
<p class="MsoNormal"><b>From:</b> Norton, Mike <<a href="mailto:mikenorton@pwsd76.ab.ca" target="_blank">mikenorton@pwsd76.ab.ca</a>> <br>
<b>Sent:</b> Wednesday, March 4, 2020 1:38 PM<br>
<b>To:</b> Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>>; voyp list, cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>) <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Subject:</b> RE: certificate renewals - 1 year only - due to Apple changes<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125)" lang="EN-CA">If two years from now, a product that needs public certificates still doesn’t support automated renewals, then it’s a terrible product you should have migrated away from two years earlier. The writing
has been on the wall for a long time. But even for developers who’ve had their heads in sand, two years is still plenty of time for them to get a clue. ;-)<br>
<br>
-mn<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125)" lang="EN-CA"><u></u> <u></u></span></p>
<div>
<div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0in 0in">
<p class="MsoNormal"><b>From:</b> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>>
<b>On Behalf Of </b>Lelio Fulgenzi<br>
<b>Sent:</b> March 4, 2020 10:52 AM<br>
<b>To:</b> voyp list, cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>) <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Subject:</b> [cisco-voip] certificate renewals - 1 year only - due to Apple changes<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">So, we’ve gotten word that Apple is thinking of “accepting/trusting” only certs that are 13 months old or less.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><a href="https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/" target="_blank">https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/</a><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">This is a bit of a drag on Jabber deployments due to so many certs being needed.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">From what I’ve seen, only Expressway supports auto-renew like let’s encrypt.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">From the article, it seems:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">"Certificates issued prior to September 1 will have the same acceptable duration as certificates do today, which is 825 days. No action is required for these certificates."<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m guessing it if says Safari, it’s any cert used by an apple device, since the safari engine is used throughout, right?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">We’re planning on renewing soon, so we should be good to go with 2 years.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">But the future?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">What are others planning on doing?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div>