<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">We’ve always been weary of wildcard and muti-San certs that preclude a certificate for each server. In our case, we have got a multi-san cert for each expressway E (and C for that matter) which includes the server as the primary host, and
the peer, cluster name and domain as a SAN. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m lucky that our cert team has got a contract with good inventory, so, a couple of extra multi-SAN certs isn’t a big deal for us.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">At some point, we may consider moving the Expressways to Let’s Encrypt. It’s the only Cisco collab platform that supports it for now.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> cisco-voip <cisco-voip-bounces@puck.nether.net>
<b>On Behalf Of </b>Shaihan Jaffrey<br>
<b>Sent:</b> Tuesday, August 2, 2022 4:21 AM<br>
<b>To:</b> Cisco VOIP <cisco-voip@puck.nether.net><br>
<b>Subject:</b> [cisco-voip] expressway E GoDaddy certificate<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:solid #9C6500 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal" style="line-height:12.0pt;background:#FFEB9C"><b><span style="font-size:10.0pt;color:black">CAUTION:</span></b><span style="font-size:10.0pt;color:black"> This email originated from outside of the University of Guelph. Do not click links
or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to
<a href="mailto:IThelp@uoguelph.ca">IThelp@uoguelph.ca</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">what is the process to renew Public certificate on Expressway E through<o:p></o:p></p>
<div>
<p class="MsoNormal">GoDaddy. <o:p></o:p></p>
<div>
<p class="MsoNormal">Is one certificate sufficient for primary and secondary exp-e? <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">do we have to get certificates based on FQDN?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Regards<o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>