No problem, thanks for adding your insight. There are a couple of other providers that do duplication as well, they just call it something different, but I haven't worked with them directly. I'm told godaddy now supports it, but they only sell the SANs in blocks of 5.
On Thu, Jun 28, 2018 at 10:39 AM Bill Talley <[email protected]> wrote: > Scrolling through my phone and inadvertently replied to Charles email when > it popped up instead of Lelio’s. Sorry for duplicating what Charles said 🤪 > > > Sent from an iOS device with very tiny touchscreen input keys. Please > excude my typtos. > > On Jun 28, 2018, at 10:24 AM, Charles Goldsmith <[email protected]> > wrote: > > Generate a CSR from each server type (CUCM, CUC, UCCX, and each > expressway) and load all hostnames into each server, including your cluster > name of the expressway and the domain name. At Digicert, load your csr, > make sure the Common name matches the CSR that the server came from. Once > you have one cluster done, go back into the order and request duplicate, > load your 2nd csr, check the common name and issue the duplicate. Rinse > and repeat for all systems. > > Expressway clusters do not support multi-san, so just duplicate for each > node. > > On Thu, Jun 28, 2018 at 10:17 AM Lelio Fulgenzi <[email protected]> wrote: > >> Wait. What? I understand how the internals of CUCM and IMP can distribute >> one multi-san cert (built on the publisher’s CSR) to each CUCM and IMP node >> and uses private keys to ensure they load, but…. >> >> >> >> How the heck do you install a cert that was built on the pub’s CSR into >> CUC and UCCx? Or Expressway for that matter? >> >> >> >> We are a digicert client, so if you have specific breadcrumbs / drop down >> options, feel free to share. >> >> >> >> Lelio >> >> >> >> >> >> >> >> --- >> >> *Lelio Fulgenzi, B.A.* | Senior Analyst >> >> Computing and Communications Services | University of Guelph >> >> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | >> N1G 2W1 >> >> 519-824-4120 Ext. 56354 <(519)%20824-4120> | [email protected] >> >> >> >> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook >> >> >> >> [image: University of Guelph Cornerstone with Improve Life tagline] >> >> >> >> *From:* Charles Goldsmith <[email protected]> >> *Sent:* Thursday, June 28, 2018 10:40 AM >> *To:* Lelio Fulgenzi <[email protected]> >> *Cc:* voyp list, cisco-voip ([email protected]) < >> [email protected]> >> *Subject:* Re: [cisco-voip] multi-SAN / server certificates vs >> individual certs (CUCM/IMP) >> >> >> >> I've used multi-san certs on at least a dozen installs and have had no >> issues at all. In fact, with a good SSL provider, you can use the same >> Multi-SAN on CUCM, CUC, UCCX, Expressways. I like how Digicert does it, >> just duplicate the cert and make sure all of the hostnames are listed in >> the SAN. >> >> >> >> >> >> On Thu, Jun 28, 2018 at 9:37 AM Lelio Fulgenzi <[email protected]> wrote: >> >> >> We're in the process of installing signed certs and we have the choice >> between multi-SAN cert with the publisher CSR and rely on the internals to >> have that cert distributed to the subs and the imp nodes -OR- go with >> individual certs. >> >> It's a last minute thing, so I still need to do some research, but I'm >> wondering what people have been doing out there. We're less concerned with >> cost than we are future stability. I know that this multi-san support is >> recent with v10.x - have they ironed out the bugs? We're going with 11.5. >> >> Thoughts? >> >> >> --- >> Lelio Fulgenzi, B.A. | Senior Analyst >> Computing and Communications Services | University of Guelph >> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | >> N1G 2W1 >> 519-824-4120 Ext. 56354 <(519)%20824-4120> | [email protected]<mailto: >> [email protected]> >> >> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, >> Twitter and Facebook >> >> [University of Guelph Cornerstone with Improve Life tagline] >> >> _______________________________________________ >> cisco-voip mailing list >> [email protected] >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> _______________________________________________ > cisco-voip mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/cisco-voip > >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
