Sovereign Citizen. That’s just funny.

Thanks,
Ryan Huff

________________________________
From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Hunter Fuller <hf0...@uah.edu>
Sent: Wednesday, May 24, 2023 12:14:27 PM
To: Matthew Loraditch <mloradi...@heliontechnologies.com>
Cc: Terry Oakley <terry.oak...@rdpolytech.ca>; voip puck <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] [External] Re: Certificate issue and I am rubbish at certificates. (full disclosure)

2028 is WAY too far in the future. No modern browser trusts a publicly-issued certificate that is valid that far in the future. How did you even get that certificate.

If you did a self signed, then that would explain why no browser trusts it. Self signed is the "sovereign citizen" of certificates. You need to get a certificate authority to sign your CSR.

https://knowledge.digicert.com/generalinformation/2-year_Certificate_Availability.html

--
Hunter Fuller (they)
Router Jockey
VBH M-1C
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Network Engineering

On Wed, May 24, 2023 at 11:01 AM Matthew Loraditch <mloradi...@heliontechnologies.com> wrote:
>
> It sounds like something is different between the old and new certs (besides the dates). As far as clients accessing Unity via a browser, the callmanager-trust certs are not involved. I’m not even sure they are used at all on a Unity server. I’ve never touched them.
>
> I would take a look at the old and new certs and make sure the subject and SAN fields are all the same. There can be a lot of reasons for cert errors and the errors are all similar and hard to diagnose without access to the browser throwing the error, but that’s the first thing I would check.
>
> Matthew Loraditch
> Sr. Network Engineer
> direct: 443.541.1518
> e: mloradi...@heliontechnologies.com
> http://www.heliontechnologies.com/
>
> From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Terry Oakley
> Sent: Wednesday, May 24, 2023 11:35 AM
> To: 'voip puck' <cisco-voip@puck.nether.net>
> Subject: [cisco-voip] Certificate issue and I am rubbish at certificates. (full disclosure)
>
> [EXTERNAL]
>
> On our Unity Connection server the certificates for Tomcat and Tomcat trust expired over the weekend, my oversight. I regenerated the certificates and both are now year 2028 expiry date. But we still get the same error if someone is trying to access their inbox (https://server/inbox/) (error is You cannot visit server right now because the website uses HSTS)
>
> I noticed that there is a CallManager-Trust certificate that expired on the same day as the Tomcat certs. The CallManager-Trust certificate is issued by the CA (CA signed) but when I go to Generate a CSR I don’t have the option to choose CallManager-Trust or Trust. I have Tomcat, Tomcat ecdsa or ipsec. The common name for the expired CallManager-Trust certificate is the UnityConnection server that users cannot get to. Little confused as to where this CallManager Trust certificate can be generated from.
>
> Thank you
>
> Terry
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
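
The checks raised in this thread (is the regenerated certificate self-signed, is its validity period too long, do subject and SAN match the certificate it replaced), as an added example that is not part of any poster's message. The hostnames and sample certificates are constructed, and the 398-day ceiling is an assumed browser limit for publicly trusted certificates rather than a figure from the thread.

```bash
# Added example: checks from the thread, using the openssl CLI (1.1.1+) and GNU date.
# Hostnames are constructed; MAX_DAYS=398 is an assumed limit, not from the thread.
MAX_DAYS=398

# Print subject or issuer without the "subject=" / "issuer=" prefix.
cert_name() { openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2=//"; }

# Heuristic for self-signed: subject and issuer are the same name.
cert_is_self_signed() { [ "$(cert_name "$1" subject)" = "$(cert_name "$1" issuer)" ]; }

# Whole days between notBefore and notAfter.
cert_validity_days() {
  local nb na
  nb=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
  na=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  echo $(( ($(date -ud "$na" +%s) - $(date -ud "$nb" +%s)) / 86400 ))
}

# Sorted SAN entries, one per line (empty when the extension is absent).
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tail -n +2 | tr ',' '\n' | sed 's/^ *//; s/ *$//' | sort
}

# Return 0 only when old and new certs carry the same subject and SAN set.
certs_match() {
  [ "$(cert_name "$1" subject)" = "$(cert_name "$2" subject)" ] &&
    [ "$(cert_sans "$1")" = "$(cert_sans "$2")" ]
}

# Print findings for a regenerated cert ($2) against the one it replaces ($1).
report() {
  local days; days=$(cert_validity_days "$2")
  cert_is_self_signed "$2" && echo "new cert is self-signed: browsers will not trust it"
  [ "$days" -gt "$MAX_DAYS" ] && echo "validity of $days days exceeds $MAX_DAYS"
  certs_match "$1" "$2" || echo "subject or SAN differs from the old cert"
  return 0
}

# Constructed sample: self-signed cert with the given CN, SAN list and lifetime.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -days "$4" -subj "/CN=$2" -addext "subjectAltName=$3" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp/old.pem" uc.example.test "DNS:uc.example.test,DNS:uc" 365
make_sample "$tmp/new.pem" uc.example.test "DNS:uc.example.test" 1825
report "$tmp/old.pem" "$tmp/new.pem"
```

Against real files, export the old and new certificates as PEM and call `report old.pem new.pem`.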