So maybe then CUCM should be able to ssh into the default gateway of each phone segment and bounce the POE services? LOL ... I understand how ridiculous that sounded.
I can definitely see the challenges with that! At the very least, it couldn't be a completely automated process and would have to have some sort of manual intervention. Sent from my iPhone On Jun 23, 2017, at 1:00 PM, Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>> wrote: The signing of the CTL and ITL is easy to fix. The bigger problem is the automatic phone reset. -Ryan On Jun 23, 2017, at 12:58 PM, Ryan Huff <ryanh...@outlook.com<mailto:ryanh...@outlook.com>> wrote: I suspect that would just obliterate CTL every time certbot runs the renewal ... every 3 months all phones reject registration... fun stuff. I suspect there would have to be a fundamental change with TVS and the SBD architecture. -Ryan On Jun 23, 2017, at 12:44 PM, Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>> wrote: Letsencrypt has 90-day certificates and they auto-renew at 60 days (IIRC). If you think that’s ok for a CUCM you really need to come listen to me on Monday morning. -Ryan On Jun 23, 2017, at 12:15 PM, Charles Goldsmith <wo...@justfamily.org<mailto:wo...@justfamily.org>> wrote: Nothing has been announced about it that I'm aware of, but it would be awesome if they did. It only makes sense since Cisco is a major sponsor of Let's Encrypt. CUCM, CUC, UCCX, IM&P and Expressway should be the priority in my mind :) After that, CIMC (updated for all m3 and higher hosts of course), and after that, you can throw a bone to the security, wireless and R&S groups... On Fri, Jun 23, 2017 at 10:11 AM, Heim, Dennis <dennis.h...@wwt.com<mailto:dennis.h...@wwt.com>> wrote: Is 12.x going to support ACME? Dennis Heim | Emerging Technology Architect (Collaboration) World Wide Technology, Inc. | +1 314-212-1814<tel:(314)%20212-1814> <image001.gif><https://twitter.com/CollabSensei> <image002.gif><image003.gif><tel:+13142121814><image004.gif> "Worry less about who you might offend, and more about who you might inspire" -- Tim Allen “When you have unlimited time, its easy” – Captain Chesley Sullenberger “There is a fine line between Wrong and Visionary. Unfortunately, you have to be a visionary to see it." – Sheldon Cooper “The greatest danger for most of us is not that our aim is too high and we miss it, but that it is too low and we reach it.” -- Michelangelo Buonarroti “We should transform the way we work” – Rowan Trollope “If you’re not failing every now and again, it’s a sign you’re not doing anything very innovative” – Woody Allen Click here to join me in my Collaboration Meeting Room<https://wwt.webex.com/meet/dennis.heim> From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>] On Behalf Of Anthony Holloway Sent: Thursday, June 22, 2017 1:00 PM To: Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>> Cc: cisco-voip voyp list <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: Re: [cisco-voip] re-genarate certifications Like how 12.0 seamlessly integrates with https://letsencrypt.org/? On Thu, Jun 22, 2017 at 11:31 AM Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>> wrote: Since I have the bright and way-too-early Monday 8AM slot this year I need all the advertisement I can get :) The deck got a big overhaul for Berlin this year and next week won’t be much different than the recording I linked to earlier, though I do get to talk about some cool stuff coming in 12.0. -Ryan On Jun 22, 2017, at 12:21 PM, Anthony Holloway <avholloway+cisco-v...@gmail.com<mailto:avholloway+cisco-v...@gmail.com>> wrote: Geez Philip! Way to be pushy about your session! ;) I was in this session (sitting behind Josh Warcop of all people) and it was really informative. It was at the time when multi-server Tomcat certificates were just coming out and the session really helped prepare me for that new feature. On Thu, Jun 22, 2017 at 8:34 AM Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>> wrote: I would highly recommend checking out https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=93902&backBtn=true. (BRKUCC-2501 from ciscolive365.com<http://ciscolive365.com/> if that link does not work). Yes, it’s my session but with CLUS next week hopefully nobody minds the plug. -Ryan On Jun 21, 2017, at 8:02 PM, erik.anderson...@gmail.com<mailto:erik.anderson...@gmail.com> wrote: Take a look at the link below, it walks through what each cert does so it should help you understand the impacts. From my experience working with non-secured clusters you need to do one cert at a time to allow CUCM to push out that cert to the phones. Since the phones essentially use 2 certs trust CUCM you can regen them in stages. http://www.cisco.com/image/gif/paws/117299/117299-problemsolution-product-00.pdf -Erik Anderson From: Samadi boukil<mailto:boukilsam...@gmail.com> Sent: Wednesday, June 21, 2017 6:32 PM To: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> Subject: [cisco-voip] re-genarate certifications Hi, I want to know about the ampact(s) of re-generation of certifications on CUCM 8.x (call manager in Mode secure). thanks. -- SAMADI Boukil Élève Ingénieur Génie Télécommunications & Réseaux [https://docs.google.com/uc?export=download&id=0B_xjs74PFblZS01PWV91S01WWXM&revid=0B_xjs74PFblZYkhMeVRWYkdhZ2tIN3lHaG5NK3RMZWIrRlRNPQ]Profile LinkdeIn<https://www.linkedin.com/in/boukil-samadi> [https://docs.google.com/uc?export=download&id=0B_xjs74PFblZWU9hNzB0cDQwblE&revid=0B_xjs74PFblZZ1M3b2JBTFp0MjVJL2orUE1OcmZHRStwUE1VPQ]+212696184254<tel:+212%20696-184254> _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
