Scrolling through my phone and inadvertently replied to Charles email when it popped up instead of Lelio’s. Sorry for duplicating what Charles said 🤪
Sent from an iOS device with very tiny touchscreen input keys. Please excude my typtos. > On Jun 28, 2018, at 10:24 AM, Charles Goldsmith <[email protected]> wrote: > > Generate a CSR from each server type (CUCM, CUC, UCCX, and each expressway) > and load all hostnames into each server, including your cluster name of the > expressway and the domain name. At Digicert, load your csr, make sure the > Common name matches the CSR that the server came from. Once you have one > cluster done, go back into the order and request duplicate, load your 2nd > csr, check the common name and issue the duplicate. Rinse and repeat for all > systems. > > Expressway clusters do not support multi-san, so just duplicate for each node. > >> On Thu, Jun 28, 2018 at 10:17 AM Lelio Fulgenzi <[email protected]> wrote: >> Wait. What? I understand how the internals of CUCM and IMP can distribute >> one multi-san cert (built on the publisher’s CSR) to each CUCM and IMP node >> and uses private keys to ensure they load, but…. >> >> >> >> How the heck do you install a cert that was built on the pub’s CSR into CUC >> and UCCx? Or Expressway for that matter? >> >> >> >> We are a digicert client, so if you have specific breadcrumbs / drop down >> options, feel free to share. >> >> >> >> Lelio >> >> >> >> >> >> >> >> --- >> >> Lelio Fulgenzi, B.A. | Senior Analyst >> >> Computing and Communications Services | University of Guelph >> >> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G >> 2W1 >> >> 519-824-4120 Ext. 56354 | [email protected] >> >> >> >> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook >> >> >> >> >> >> >> >> From: Charles Goldsmith <[email protected]> >> Sent: Thursday, June 28, 2018 10:40 AM >> To: Lelio Fulgenzi <[email protected]> >> Cc: voyp list, cisco-voip ([email protected]) >> <[email protected]> >> Subject: Re: [cisco-voip] multi-SAN / server certificates vs individual >> certs (CUCM/IMP) >> >> >> >> I've used multi-san certs on at least a dozen installs and have had no >> issues at all. In fact, with a good SSL provider, you can use the same >> Multi-SAN on CUCM, CUC, UCCX, Expressways. I like how Digicert does it, >> just duplicate the cert and make sure all of the hostnames are listed in >> the SAN. >> >> >> >> >> >> On Thu, Jun 28, 2018 at 9:37 AM Lelio Fulgenzi <[email protected]> wrote: >> >> >> We're in the process of installing signed certs and we have the choice >> between multi-SAN cert with the publisher CSR and rely on the internals to >> have that cert distributed to the subs and the imp nodes -OR- go with >> individual certs. >> >> It's a last minute thing, so I still need to do some research, but I'm >> wondering what people have been doing out there. We're less concerned with >> cost than we are future stability. I know that this multi-san support is >> recent with v10.x - have they ironed out the bugs? We're going with 11.5. >> >> Thoughts? >> >> >> --- >> Lelio Fulgenzi, B.A. | Senior Analyst >> Computing and Communications Services | University of Guelph >> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G >> 2W1 >> 519-824-4120 Ext. 56354 | [email protected]<mailto:[email protected]> >> >> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, >> Twitter and Facebook >> >> [University of Guelph Cornerstone with Improve Life tagline] >> >> _______________________________________________ >> cisco-voip mailing list >> [email protected] >> https://puck.nether.net/mailman/listinfo/cisco-voip >> > _______________________________________________ > cisco-voip mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
