[cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
Trying to add an alternatehostname in CUCM 10.5 I got the below error. Anyone spot my problem? set web-security CH Hawaii Department of Boating Honolulu Hawaii US ton.state.hi.us HI-IT-UC-CM-P.ton.state.hi.us myphone.ton.state.hi.us Expected 4 mandatory and up to 2 non-mandatory parameter(s) but 8 parameter(s) were found Executed command unsuccessfully Error executing command admin: Names changed to protect the innocent :) admin:set web-security ? Syntax: set web-security orgunit orgname locality state [country] [alternatehostname] orgunit mandatory organizational unit orgname mandatory organizational name locality mandatory location of organization statemandatory state of organization country optional country code can not be changed alternatehostname optional alternate host name admin:set web-security ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
I thought you could only add a single SAN via command line. On Wed, Oct 8, 2014 at 11:20 AM, Jason Aarons (AM) jason.aar...@dimensiondata.com wrote: Trying to add an alternatehostname in CUCM 10.5 I got the below error. Anyone spot my problem? set web-security CH Hawaii Department of Boating Honolulu Hawaii US ton.state.hi.us HI-IT-UC-CM-P.ton.state.hi.us myphone.ton.state.hi.us Expected 4 mandatory and up to 2 non-mandatory parameter(s) but 8 parameter(s) were found Executed command unsuccessfully Error executing command admin: Names changed to protect the innocent :) admin:set web-security ? Syntax: set web-security orgunit orgname locality state [country] [alternatehostname] orgunit mandatory organizational unit orgname mandatory organizational name locality mandatory location of organization statemandatory state of organization country optional country code can not be changed alternatehostname optional alternate host name admin:set web-security ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
There's also the multiserver cert in 10.5 that allows you to add additional entries via OS Admin. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_5_1/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051_chapter_01.html#CUCM_RF_SEC52373_00 -Ryan On Oct 8, 2014, at 2:41 PM, Heim, Dennis dennis.h...@wwt.commailto:dennis.h...@wwt.com wrote: Single SAN as far as I remember too. Best bet is to add it at the CA level. With Windows CA this can be down via the additional parameters on the certsrv webpage if doing it that way. Dennis Heim | Collaboration Solutions Architect World Wide Technology, Inc. | +1 314-212-1814 image001.pnghttps://twitter.com/CollabSensei image002.pngxmpp:dennis.h...@wwt.comimage003.pngtel:+13142121814image004.pngsip:dennis.h...@wwt.com From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Justin Steinberg Sent: Wednesday, October 08, 2014 1:37 PM To: Jason Aarons (AM) Cc: cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI I thought you could only add a single SAN via command line. On Wed, Oct 8, 2014 at 11:20 AM, Jason Aarons (AM) jason.aar...@dimensiondata.commailto:jason.aar...@dimensiondata.com wrote: Trying to add an alternatehostname in CUCM 10.5 I got the below error. Anyone spot my problem? set web-security CH Hawaii Department of Boating Honolulu Hawaii US ton.state.hi.ushttp://ton.state.hi.us/ HI-IT-UC-CM-P.ton.state.hi.ushttp://hi-it-uc-cm-p.ton.state.hi.us/ myphone.ton.state.hi.ushttp://myphone.ton.state.hi.us/ Expected 4 mandatory and up to 2 non-mandatory parameter(s) but 8 parameter(s) were found Executed command unsuccessfully Error executing command admin: Names changed to protect the innocent :) admin:set web-security ? Syntax: set web-security orgunit orgname locality state [country] [alternatehostname] orgunit mandatory organizational unit orgname mandatory organizational name locality mandatory location of organization statemandatory state of organization country optional country code can not be changed alternatehostname optional alternate host name admin:set web-security ___ cisco-voip mailing list cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
I believe there is a bug with 10.5 that causes phone registration to reset every 7 minutes or so. Dennis Heim | Collaboration Solutions Architect World Wide Technology, Inc. | +1 314-212-1814 [cid:image001.png@01CFE30A.AC268F20]https://twitter.com/CollabSensei [cid:image002.png@01CFE30A.AC268F20]xmpp:dennis.h...@wwt.com[cid:image003.png@01CFE30A.AC268F20]tel:+13142121814[cid:image004.png@01CFE30A.AC268F20]sip:dennis.h...@wwt.com From: Ryan Ratliff (rratliff) [mailto:rratl...@cisco.com] Sent: Wednesday, October 08, 2014 2:53 PM To: Heim, Dennis Cc: Justin Steinberg; Jason Aarons (AM); cisco-voip voyp list Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI There's also the multiserver cert in 10.5 that allows you to add additional entries via OS Admin. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_5_1/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051_chapter_01.html#CUCM_RF_SEC52373_00 -Ryan On Oct 8, 2014, at 2:41 PM, Heim, Dennis dennis.h...@wwt.commailto:dennis.h...@wwt.com wrote: Single SAN as far as I remember too. Best bet is to add it at the CA level. With Windows CA this can be down via the additional parameters on the certsrv webpage if doing it that way. Dennis Heim | Collaboration Solutions Architect World Wide Technology, Inc. | +1 314-212-1814 image001.pnghttps://twitter.com/CollabSensei image002.pngxmpp:dennis.h...@wwt.comimage003.pngtel:+13142121814image004.pngsip:dennis.h...@wwt.com From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Justin Steinberg Sent: Wednesday, October 08, 2014 1:37 PM To: Jason Aarons (AM) Cc: cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI I thought you could only add a single SAN via command line. On Wed, Oct 8, 2014 at 11:20 AM, Jason Aarons (AM) jason.aar...@dimensiondata.commailto:jason.aar...@dimensiondata.com wrote: Trying to add an alternatehostname in CUCM 10.5 I got the below error. Anyone spot my problem? set web-security CH Hawaii Department of Boating Honolulu Hawaii US ton.state.hi.ushttp://ton.state.hi.us/ HI-IT-UC-CM-P.ton.state.hi.ushttp://hi-it-uc-cm-p.ton.state.hi.us/ myphone.ton.state.hi.ushttp://myphone.ton.state.hi.us/ Expected 4 mandatory and up to 2 non-mandatory parameter(s) but 8 parameter(s) were found Executed command unsuccessfully Error executing command admin: Names changed to protect the innocent :) admin:set web-security ? Syntax: set web-security orgunit orgname locality state [country] [alternatehostname] orgunit mandatory organizational unit orgname mandatory organizational name locality mandatory location of organization statemandatory state of organization country optional country code can not be changed alternatehostname optional alternate host name admin:set web-security ___ cisco-voip mailing list cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI
So I couldn't find a GUI method to add an AlternateSubjectName. My problem with the CUCM 10.5 CLI was only a single SAN (Subject Alternate Name) is supported. Once I removed the other entries it worked. For whatever reason in show web-security the server name is also listed as a AlternateSubjectName. So in short you will see two AlternateSubjectName's even when you only have 1 configured. From: Ryan Ratliff (rratliff) [mailto:rratl...@cisco.com] Sent: Wednesday, October 08, 2014 2:53 PM To: Heim, Dennis Cc: Justin Steinberg; Jason Aarons (AM); cisco-voip voyp list Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI There's also the multiserver cert in 10.5 that allows you to add additional entries via OS Admin. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_5_1/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051/CUCM_BK_CE15D2A0_00_cucm-release-notes-1051_chapter_01.html#CUCM_RF_SEC52373_00 -Ryan On Oct 8, 2014, at 2:41 PM, Heim, Dennis dennis.h...@wwt.commailto:dennis.h...@wwt.com wrote: Single SAN as far as I remember too. Best bet is to add it at the CA level. With Windows CA this can be down via the additional parameters on the certsrv webpage if doing it that way. Dennis Heim | Collaboration Solutions Architect World Wide Technology, Inc. | +1 314-212-1814 image001.pnghttps://twitter.com/CollabSensei image002.pngxmpp:dennis.h...@wwt.comimage003.pngtel:+13142121814image004.pngsip:dennis.h...@wwt.com From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Justin Steinberg Sent: Wednesday, October 08, 2014 1:37 PM To: Jason Aarons (AM) Cc: cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net Subject: Re: [cisco-voip] CUCM 10.5 Tomcat Subject Alternate Name (SAN) (Alternatehostname) via CLI I thought you could only add a single SAN via command line. On Wed, Oct 8, 2014 at 11:20 AM, Jason Aarons (AM) jason.aar...@dimensiondata.commailto:jason.aar...@dimensiondata.com wrote: Trying to add an alternatehostname in CUCM 10.5 I got the below error. Anyone spot my problem? set web-security CH Hawaii Department of Boating Honolulu Hawaii US ton.state.hi.ushttp://ton.state.hi.us/ HI-IT-UC-CM-P.ton.state.hi.ushttp://hi-it-uc-cm-p.ton.state.hi.us/ myphone.ton.state.hi.ushttp://myphone.ton.state.hi.us/ Expected 4 mandatory and up to 2 non-mandatory parameter(s) but 8 parameter(s) were found Executed command unsuccessfully Error executing command admin: Names changed to protect the innocent :) admin:set web-security ? Syntax: set web-security orgunit orgname locality state [country] [alternatehostname] orgunit mandatory organizational unit orgname mandatory organizational name locality mandatory location of organization statemandatory state of organization country optional country code can not be changed alternatehostname optional alternate host name admin:set web-security ___ cisco-voip mailing list cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.netmailto:cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip