<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Ahh then a successful day as we made one person have a good funny moment. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Terry<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Ryan Huff <ryanhuff@outlook.com> <br><b>Sent:</b> Wednesday, May 24, 2023 1:08 PM<br><b>To:</b> Hunter Fuller <hf0002@uah.edu>; Matthew Loraditch <MLoraditch@heliontechnologies.com><br><b>Cc:</b> Terry Oakley <Terry.Oakley@rdpolytech.ca>; voip puck <cisco-voip@puck.nether.net><br><b>Subject:</b> Re: [cisco-voip] [External] Re: Certificate issue and I am rubbish at certificates. (full disclosure)<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=1 cellpadding=0 width=600 style='width:6.25in;background:#F7FFAB;border:solid windowtext 3.0pt'><tr><td style='border:none;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='color:black'>CAUTION: This email is from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span><o:p></o:p></p></td></tr></table><div><div><div><div><p class=MsoNormal>Sovereign Citizen. That’s just funny.<o:p></o:p></p></div></div><div id=ms-outlook-mobile-signature><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='background:white'><span style='color:#212121'>Thanks,<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:#212121'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:#212121'>Ryan Huff<o:p></o:p></span></p></div></div></div><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="98%" align=center></div><div id=divRplyFwdMsg><p class=MsoNormal><b><span style='color:black'>From:</span></b><span style='color:black'> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>> on behalf of Hunter Fuller <<a href="mailto:hf0002@uah.edu">hf0002@uah.edu</a>><br><b>Sent:</b> Wednesday, May 24, 2023 12:14:27 PM<br><b>To:</b> Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com">MLoraditch@heliontechnologies.com</a>><br><b>Cc:</b> Terry Oakley <<a href="mailto:Terry.Oakley@rdpolytech.ca">Terry.Oakley@rdpolytech.ca</a>>; voip puck <<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>><br><b>Subject:</b> Re: [cisco-voip] [External] Re: Certificate issue and I am rubbish at certificates. (full disclosure)</span> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>2028 is WAY too far in the future. No modern browser trusts a<br>publicly-issued certificate that is valid that far in the future. How<br>did you even get that certificate.<br><br>If you did a self signed, then that would explain why no browser<br>trusts it. Self signed is the "sovereign citizen" of certificates. You<br>need to get a certificate authority to sign your CSR.<br><br><a href="https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknowledge.digicert.com%2Fgeneralinformation%2F2-year_Certificate_Availability.html&data=05%7C01%7C%7C221aad3424994da2348d08db5c8a3825%7C3aed1c227c31455eb67a279994fffbd6%7C0%7C0%7C638205520956959554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3ix98FTYVzabBqK8CobMuUjKkfTM3xKNAw2V1eiWbZw%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknowledge.digicert.com%2Fgeneralinformation%2F2-year_Certificate_Availability.html&data=05%7C01%7C%7C33aae16f4f824da959ec08db5c72202d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638205417463181216%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=F3nhWssXTK3oZj0mDi%2BySMTvinQ2iJcDRiQvQIMOVto%3D&reserved=0</a><br><br>--<br>Hunter Fuller (they)<br>Router Jockey<br>VBH M-1C<br>+1 256 824 5331<br><br>Office of Information Technology<br>The University of Alabama in Huntsville<br>Network Engineering<br><br>On Wed, May 24, 2023 at 11:01 AM Matthew Loraditch<br><<a href="mailto:MLoraditch@heliontechnologies.com">MLoraditch@heliontechnologies.com</a>> wrote:<br>><br>> It sounds like something is different between the old and new certs (besides the dates). As far as clients accessing Unity via a browser, the callmanager-trust certs are not involved. I’m not even sure they are used at all on a Unity server. I’ve never touched them.<br>><br>><br>><br>> I would take a look at the old and new certs and make sure the subject and SAN fields are all the same. There can be a lot of reasons for cert errors and the errors are all similar and hard to diagnose without access to the browser throwing the error, but that’s the first thing I would check.<br>><br>><br>><br>><br>><br>><br>> Matthew Loraditch<br>> Sr. Network Engineer<br>> direct: 443.541.1518<br>> e: <a href="mailto:MLoraditch@heliontechnologies.com">MLoraditch@heliontechnologies.com</a><br>> <a href="https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.heliontechnologies.com%2F&data=05%7C01%7C%7C221aad3424994da2348d08db5c8a3825%7C3aed1c227c31455eb67a279994fffbd6%7C0%7C0%7C638205520956959554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E2ynbFhj23XmhiTgsJyFiq4LWWL0cvvGvcujq%2F8rotQ%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.heliontechnologies.com%2F&data=05%7C01%7C%7C33aae16f4f824da959ec08db5c72202d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638205417463181216%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9WGDmNKbNXHrjDes9vllJS%2FN9u4u5uEOOHMOeF4e5xk%3D&reserved=0</a><br><br>><br>> From: cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>> On Behalf Of Terry Oakley<br>> Sent: Wednesday, May 24, 2023 11:35 AM<br>> To: 'voip puck' <<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>><br>> Subject: [cisco-voip] Certificate issue and I am rubbish at certificates. (full disclosure)<br>><br>><br>><br>> [EXTERNAL]<br>><br>><br>><br>> On our Unity Connection server the certificates for Tomcat and Tomcat trust expired over the weekend, my oversight. I regenerated the certificates and both are now year 2028 expiry date. But we still get the same error if someone is trying to access their inbox (<a href="https://server/inbox/">https://server/inbox/</a>) (error is You cannot visit server right now because the website uses HSTS)<br>><br>><br>><br>> I noticed that there is a CallManager-Trust certificate that expired on the same day as the Tomcat certs. The CallManager-Trust certificate is issued by the CA (CA signed) but when I go to Generate a CSR I don’t have the option to choose CallManager-Trust or Trust . I have Tomcat, Tomcat ecdsa or ipsec. The common name for the expired CallManager-Trust certificate is the UnityConnection server that users cannot get too. Little confused as to where this CallManager Trust certificate can be generated from.<br>><br>><br>><br>><br>><br>> Thank you<br>><br>><br>><br>> Terry<br>><br>><br>><br>> _______________________________________________<br>> cisco-voip mailing list<br>> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>> <a href="https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=05%7C01%7C%7C221aad3424994da2348d08db5c8a3825%7C3aed1c227c31455eb67a279994fffbd6%7C0%7C0%7C638205520956959554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xmBvCVtpqMEl9xkPNY8LQiyxAT4GcxmRKGPIh6yxWbs%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=05%7C01%7C%7C33aae16f4f824da959ec08db5c72202d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638205417463181216%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=f8O9Ho0327p4Q3Ad%2FqZ5oIF2pwXLbqjow%2F102o0M1IM%3D&reserved=0</a><br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=05%7C01%7C%7C221aad3424994da2348d08db5c8a3825%7C3aed1c227c31455eb67a279994fffbd6%7C0%7C0%7C638205520956959554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xmBvCVtpqMEl9xkPNY8LQiyxAT4GcxmRKGPIh6yxWbs%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=05%7C01%7C%7C33aae16f4f824da959ec08db5c72202d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638205417463181216%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=f8O9Ho0327p4Q3Ad%2FqZ5oIF2pwXLbqjow%2F102o0M1IM%3D&reserved=0</a><o:p></o:p></p></div></div></div></div></body></html>