Same. We have a multi-san certificate for our expressway-e cluster from Entrust. You have to create the CSR on the first node in the cluster, install the certificate and then copy the private key via SCP. You then load the private key and certificate into the 2nd server.
To get the private key. Login to the server that has the installed certificate via SCP as root. The file is privkey.pem in /tandberg/persistent/certs/ -----Original Message----- From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Hunter Fuller Sent: Tuesday, August 2, 2022 1:37 PM To: Lelio Fulgenzi <le...@uoguelph.ca> Cc: Cisco VOIP <cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] [External] Re: expressway E GoDaddy certificate Since I just love being contrarian, we are running the same cert on both Expressway-E. It is not GoDaddy though. But feel free to take a look at how this works. Our expe are vbhexpe.voip.uah.edu and libexpe.voip.uah.edu and I've also attached the cert to this email. -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering On Tue, Aug 2, 2022 at 9:06 AM Lelio Fulgenzi <le...@uoguelph.ca> wrote: > > We’ve always been weary of wildcard and muti-San certs that preclude a > certificate for each server. In our case, we have got a multi-san cert for > each expressway E (and C for that matter) which includes the server as the > primary host, and the peer, cluster name and domain as a SAN. > > > > I’m lucky that our cert team has got a contract with good inventory, so, a > couple of extra multi-SAN certs isn’t a big deal for us. > > > > At some point, we may consider moving the Expressways to Let’s Encrypt. It’s > the only Cisco collab platform that supports it for now. > > > > > > From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of > Shaihan Jaffrey > Sent: Tuesday, August 2, 2022 4:21 AM > To: Cisco VOIP <cisco-voip@puck.nether.net> > Subject: [cisco-voip] expressway E GoDaddy certificate > > > > CAUTION: This email originated from outside of the University of > Guelph. Do not click links or open attachments unless you recognize > the sender and know the content is safe. If in doubt, forward > suspicious emails to ith...@uoguelph.ca > > > > what is the process to renew Public certificate on Expressway E > through > > GoDaddy. > > Is one certificate sufficient for primary and secondary exp-e? > > > > do we have to get certificates based on FQDN? > > > > Regards > > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
