If anyone is looking for a short time position in the Detroit area TekSystems is looking for individuals with Cisco call manager experience.
Dale Thompson 12128 Belmont Ave Warren, Michigan 586-757-5840 dthomp7...@earthlink.net -----Original Message----- >From: cisco-voip-requ...@puck.nether.net >Sent: Jul 21, 2015 12:00 PM >To: cisco-voip@puck.nether.net >Subject: cisco-voip Digest, Vol 141, Issue 18 > >Send cisco-voip mailing list submissions to > cisco-voip@puck.nether.net > >To subscribe or unsubscribe via the World Wide Web, visit > https://puck.nether.net/mailman/listinfo/cisco-voip >or, via email, send a message with subject or body 'help' to > cisco-voip-requ...@puck.nether.net > >You can reach the person managing the list at > cisco-voip-ow...@puck.nether.net > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of cisco-voip digest..." > > >Today's Topics: > > 1. Re: Digicert Wildcard certificates (Charles Goldsmith) > 2. CUCM translation pattern postfix digits (NateCCIE) > 3. Re: CUCM translation pattern postfix digits (Ryan Huff) > 4. Re: CUCM translation pattern postfix digits (Ryan Huff) > 5. Re: CUCM translation pattern postfix digits (NateCCIE) > 6. Re: CUCM translation pattern postfix digits (Ryan Huff) > 7. Re: CUCM translation pattern postfix digits (Lelio Fulgenzi) > 8. Re: CUCM translation pattern postfix digits (Ryan Huff) > 9. Re: CUCM translation pattern postfix digits (Dave Goodwin) > 10. Re: Digicert Wildcard certificates (Anthony Holloway) > 11. Greeting notification? (Lisa Notarianni) > 12. Re: Greeting notification? (Lelio Fulgenzi) > 13. Re: Digicert Wildcard certificates (NateCCIE) > 14. How to send call to 10 digit in ICM Scripting (AbdusSaboor Khan) > 15. Re: How to send call to 10 digit in ICM Scripting (Brian Meade) > 16. Re: How to send call to 10 digit in ICM Scripting (Brian Meade) > 17. Call abandonment (chris) > 18. Re: Digicert Wildcard certificates (Justin Steinberg) > 19. E20 - CDP and voice VLANs (Lelio Fulgenzi) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Mon, 20 Jul 2015 10:18:27 -0600 >From: Charles Goldsmith <wo...@justfamily.org> >To: Ian Anderson <i...@andersoi.co.uk> >Cc: NateCCIE <natec...@gmail.com>, Cisco VOIP > <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] Digicert Wildcard certificates >Message-ID: > <CAGm7T+Arv0XCBfWYMPFSFwQ9SnTn=hrb2c+zjeszyptkewq...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >One thing of note, Digicert works very well with all of our UC apps with >their UC certificate. Add all of your server names as SAN's, as well as >the domain name, and just duplicate the certificate for each app, changing >the CN. It works well and also Digicert has great support. > >On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <i...@andersoi.co.uk> wrote: > >> Hi Nate, >> >> I think that the concern of using wildcards generaly comes from the >> security and compliance folks in that if the private key of any of the >> servers was to be compromised then the resulting public and private keys >> could be used to impersonate any subdomain, e.g e-payments.domain.com.. >> >> That said, as long as the customer is aware of the risk then the digicert >> is a fantastic option, although a lot of these issues go away in 10.5. >> >> The only app I've had it completely throw a wobble on so far is UCCX 9.0 >> as this was checking the CN on certificate upload and didn't like * even >> though the server name as in the SAN. >> >> Cheers >> >> Ian >> >> On 16 July 2015 at 02:35, NateCCIE <natec...@gmail.com> wrote: >> >>> Most of the time wildcard certs mean you have a CSR and a private key >>> generated by something, and then you upload the private key and the public >>> key to lots of servers. The application would need to be able to upload a >>> private key and not require its own CSR. >>> >>> Cucm, unity cxn, uccx, do not support uploading a private key. >>> >>> Expressway, I think conductor do allow you to upload a private key. >>> >>> But what makes digicert really cool is you can buy the wildcard cert, >>> then you keep reissuing a new certificate from that one purchase. >>> >>> You can do this from what I understand an unlimited times. >>> >>> There may be other CAs that do this. I saw one the seemed like it was >>> going to work, but since the CSR did not include the * as a SAN, they would >>> not issue the cert. >>> >>> Digicert with the Willard includes the *.domain.com and domain.com SANs >>> automatically, and you can specify about 15 other SANs for each CSR/cert. >>> >>> So cucm and the other apps are happy because the cert was generated using >>> its own CSR. >>> >>> Using these certs, I had one TAC case where cucm balked at the cert, but >>> I could upload the cluster wide tomcat SAN cert via im&p. This turned out >>> to be a problem with the domain casing not matching between all of the >>> servers and the cert. always use domain.com and not DOMain.com and life >>> is happy. >>> >>> I am not affiliated with digicert other than they are here in Utah also. >>> It just makes life really easy to tell the customer to buy this one cert >>> and O I can make all of the Cisco UC/jabber cert errors go away! >>> >>> Ps. Has anyone figured out what to do with conductor wanting IP address >>> in the SAN? >>> >>> Sent from my iPhone >>> >>> On Jul 15, 2015, at 10:42 AM, Anthony Holloway < >>> avholloway+cisco-v...@gmail.com> wrote: >>> >>> I'm a little confused here. According to this article: >>> http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard, >>> and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/, >>> wild card certs are not supported. Are we talking about the same thing >>> here? >>> >>> On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen < >>> peders...@bennettjones.com> wrote: >>> >>>> Digicert lets you put your domain and subdomains of any level as SANs. >>>> It?s great! They even generated a duplicate certificate for me with a >>>> different root CA that was supported with WebEx enabled Telepresence. We >>>> use their wildcard certificates on all of our UC servers. >>>> >>>> >>>> >>>> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On >>>> Behalf Of *Heim, Dennis >>>> *Sent:* 15 July 2015 8:28 AM >>>> *To:* Ian Anderson; NateCCIE; Cisco VOIP >>>> >>>> >>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates >>>> >>>> >>>> >>>> I?ve found the hardest thing to find a cert providers that likes putting >>>> the domain as a san such as DNS=mycollab.com. Has anyone found any >>>> providers that are kosher with that? From one of the Cisco Live sessions, I >>>> was told this is needed for service discovery to function properly. >>>> >>>> >>>> >>>> *Dennis Heim | Emerging Technology Architect (Collaboration)* >>>> >>>> World Wide Technology, Inc. | +1 314-212-1814 >>>> >>>> [image: twitter] <https://twitter.com/CollabSensei> >>>> >>>> <image002.png><image003.png> <+13142121814><image004.png> >>>> >>>> ?There is a fine line between Wrong and Visionary. Unfortunately, you >>>> have to be a visionary to see it." ? Sheldon Cooper >>>> >>>> >>>> >>>> Click here to join me in my Collaboration Meeting Room >>>> <https://wwt.webex.com/meet/dennis.heim> >>>> >>>> >>>> >>>> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net >>>> <cisco-voip-boun...@puck.nether.net>] *On Behalf Of *Ian Anderson >>>> >>>> >>>> *Sent:* Wednesday, July 15, 2015 10:18 AM >>>> *To:* NateCCIE; Cisco VOIP >>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates >>>> >>>> >>>> >>>> >>>> >>>> On 15 July 2015 at 15:02, NateCCIE <natec...@gmail.com> wrote: >>>> >>>> Did you put all of your SANs in the digicert page? >>>> >>>> z >>>> >>>> I have this working on all of my expressway installs. >>>> >>>> Hi Nate, >>>> >>>> >>>> >>>> Thanks for the quick response, just for preservation in the archives for >>>> future posterity and confirmation that digicert seems fine despite the >>>> warnings in the manuals, it seemed I was running into 2 separate issues. >>>> >>>> >>>> >>>> 1) I had uploaded the intermediate cert, but needed to manually download >>>> and upload the root CA >>>> >>>> 2) That then got me past the TLS error, only to find that I had >>>> fat-fingered the hostname in the SAN field :-( >>>> >>>> >>>> >>>> Cheers >>>> >>>> >>>> >>>> Ian >>>> >>>> >>>> The contents of this message may contain confidential and/or privileged >>>> subject matter. If this message has been received in error, please contact >>>> the sender and delete all copies. Like other forms of communication, e-mail >>>> communications may be vulnerable to interception by unauthorized parties. >>>> If you do not wish us to communicate with you by e-mail, please notify us >>>> at your earliest convenience. In the absence of such notification, your >>>> consent is assumed. Should you choose to allow us to communicate by e-mail, >>>> we will not take any additional security measures (such as encryption) >>>> unless specifically requested. >>>> >>>> If you no longer wish to receive commercial messages, you can >>>> unsubscribe by accessing this link: >>>> http://www.bennettjones.com/unsubscribe >>>> _______________________________________________ >>>> cisco-voip mailing list >>>> cisco-voip@puck.nether.net >>>> https://puck.nether.net/mailman/listinfo/cisco-voip >>>> >>> >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/c344ab85/attachment-0001.html> >-------------- next part -------------- >A non-text attachment was scrubbed... >Name: image001.png >Type: image/png >Size: 3876 bytes >Desc: not available >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/c344ab85/attachment-0001.png> > >------------------------------ > >Message: 2 >Date: Mon, 20 Jul 2015 18:07:48 -0600 >From: NateCCIE <natec...@gmail.com> >To: "'Cisco VOIP'" <cisco-voip@puck.nether.net> >Subject: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: <10e901d0c349$478127e0$d68377a0$@gmail.com> >Content-Type: text/plain; charset="utf-8" > >I want to do some system wide speed dials in CUCM. > > > >*5XXX to call 8XXX3101. > > > >I tried Called Party Transform Mask on the translation pattern of 8XXX3101, >but it doesn?t allow the post fixing of digits and still use the XXX, it needs >to be the last digits. > > > >I know I could do this in IOS, but I really want a CUCM only solution, without >creating an individual TP for each XXX. > > > >Thanks, > >-Nate > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/0aac4b86/attachment-0001.html> > >------------------------------ > >Message: 3 >Date: Mon, 20 Jul 2015 20:27:53 -0400 >From: Ryan Huff <ryanh...@outlook.com> >To: natec...@gmail.com, cisco-voip@puck.nether.net >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: <col401-eas2063bf7ea0d93b6c331da28c5...@phx.gbl> >Content-Type: text/plain; charset="utf-8" > >Nate, > >I am not by my Linux machine (refuse to use winblows) to vet this but could >you do: > >*5XXX with a CPTM of XXX3101 with a prefix of 8? > >Thanks, > >Ryan > >-------- Original Message -------- >From: NateCCIE <natec...@gmail.com> >Sent: Monday, July 20, 2015 08:08 PM >To: 'Cisco VOIP' <cisco-voip@puck.nether.net> >Subject: [cisco-voip] CUCM translation pattern postfix digits > >>I want to do some system wide speed dials in CUCM. >> >> >> >>*5XXX to call 8XXX3101. >> >> >> >>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, >>but it doesn?t allow the post fixing of digits and still use the XXX, it >>needs to be the last digits. >> >> >> >>I know I could do this in IOS, but I really want a CUCM only solution, >>without creating an individual TP for each XXX. >> >> >> >>Thanks, >> >>-Nate >> >> >>_______________________________________________ >>cisco-voip mailing list >>cisco-voip@puck.nether.net >>https://puck.nether.net/mailman/listinfo/cisco-voip >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/f26b7855/attachment-0001.html> > >------------------------------ > >Message: 4 >Date: 20 Jul 2015 17:33:51 -0700 >From: Ryan Huff <ryanh...@outlook.com> >To: natec...@gmail.com, cisco-voip@puck.nether.net >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: <col401-eas5017dc5efa7d086d50053ec5...@phx.gbl> >Content-Type: text/plain; charset="utf-8" > >So rather than use a translation pattern, you would use a route pattern. > >Set up an h.323 gateway with a cucm call processing node as the ip address of >the gateway and add that into your route group/route list/route pattern. > >That should work in theory. > >Thanks, > >Ryan > >-------- Original Message -------- >From: Ryan Huff <ryanh...@outlook.com> >Sent: Monday, July 20, 2015 08:27 PM >To: natec...@gmail.com,cisco-voip@puck.nether.net >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits > >>Nate, >> >>I am not by my Linux machine (refuse to use winblows) to vet this but could >>you do: >> >>*5XXX with a CPTM of XXX3101 with a prefix of 8? >> >>Thanks, >> >>Ryan >> >>-------- Original Message -------- >>From: NateCCIE <natec...@gmail.com> >>Sent: Monday, July 20, 2015 08:08 PM >>To: 'Cisco VOIP' <cisco-voip@puck.nether.net> >>Subject: [cisco-voip] CUCM translation pattern postfix digits >> >>>I want to do some system wide speed dials in CUCM. >>> >>> >>> >>>*5XXX to call 8XXX3101. >>> >>> >>> >>>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, >>>but it doesn?t allow the post fixing of digits and still use the XXX, it >>>needs to be the last digits. >>> >>> >>> >>>I know I could do this in IOS, but I really want a CUCM only solution, >>>without creating an individual TP for each XXX. >>> >>> >>> >>>Thanks, >>> >>>-Nate >>> >>> >>>_______________________________________________ >>>cisco-voip mailing list >>>cisco-voip@puck.nether.net >>>https://puck.nether.net/mailman/listinfo/cisco-voip >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/ade67e53/attachment-0001.html> > >------------------------------ > >Message: 5 >Date: Mon, 20 Jul 2015 18:39:15 -0600 >From: NateCCIE <natec...@gmail.com> >To: Ryan Huff <ryanh...@outlook.com> >Cc: "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: <ff336189-5408-4d9d-8093-12f8b6d47...@gmail.com> >Content-Type: text/plain; charset="utf-8" > >Called party transformation mask seem to match the XXX to the last digits. > >So with a pattern of XXX the XXX can only be in the last 3 digits of the mask > , DNA shows ? And won't route the call if you have Xs to early in the >pattern. > >Sent from my iPhone >+1 801 718 2308 > >> On Jul 20, 2015, at 6:27 PM, Ryan Huff <ryanh...@outlook.com> wrote: >> >> Nate, >> >> I am not by my Linux machine (refuse to use winblows) to vet this but could >> you do: >> >> *5XXX with a CPTM of XXX3101 with a prefix of 8? >> >> Thanks, >> >> Ryan >> >> >> >> -------- Original Message -------- >> From: NateCCIE <natec...@gmail.com> >> Sent: Monday, July 20, 2015 08:08 PM >> To: 'Cisco VOIP' <cisco-voip@puck.nether.net> >> Subject: [cisco-voip] CUCM translation pattern postfix digits >> >> I want to do some system wide speed dials in CUCM. >> >> >> >> *5XXX to call 8XXX3101. >> >> >> >> I tried Called Party Transform Mask on the translation pattern of 8XXX3101, >> but it doesn?t allow the post fixing of digits and still use the XXX, it >> needs to be the last digits. >> >> >> >> I know I could do this in IOS, but I really want a CUCM only solution, >> without creating an individual TP for each XXX. >> >> >> >> Thanks, >> >> -Nate >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/dad2f6c4/attachment-0001.html> > >------------------------------ > >Message: 6 >Date: 20 Jul 2015 18:13:07 -0700 >From: Ryan Huff <ryanh...@outlook.com> >To: natec...@gmail.com >Cc: cisco-voip@puck.nether.net >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: <col401-eas12644e74f0b1a13d2ac87a7c5...@phx.gbl> >Content-Type: text/plain; charset="utf-8" > >Xlate : *5XXX (CPTM: 8XXX) > >Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to h.323 >gateway that uses a ccm call processing node as the ip address of the gateway. > >It could be the IPA talking but that sounds like it should work? > >Thanks, > >Ryan >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/4329883e/attachment-0001.html> > >------------------------------ > >Message: 7 >Date: Mon, 20 Jul 2015 21:22:50 -0400 (EDT) >From: Lelio Fulgenzi <le...@uoguelph.ca> >To: Ryan Huff <ryanh...@outlook.com>, natec...@gmail.com >Cc: cisco-voip@puck.nether.net >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: > <1237215267.627291.1437441770347.javamail.zim...@uoguelph.ca> >Content-Type: text/plain; charset="utf-8" > >In v9, translation pattern does not accept X as valid character for prefix >field. :( > >Since the purposes are similar, I'm guessing route patterns wouldn't allow it >either. > >This is a good one. > >--- >Lelio Fulgenzi, B.A. >Senior Analyst, Network Infrastructure >Computing and Communications Services (CCS) >University of Guelph > >519?824?4120 Ext 56354 >le...@uoguelph.ca >www.uoguelph.ca/ccs >Room 037, Animal Science and Nutrition Building >Guelph, Ontario, N1G 2W1 > >----- Original Message ----- > >From: "Ryan Huff" <ryanh...@outlook.com> >To: natec...@gmail.com >Cc: cisco-voip@puck.nether.net >Sent: Monday, 20 July, 2015 9:13:07 PM >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits > > > >Xlate : *5XXX (CPTM: 8XXX) > >Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to h.323 >gateway that uses a ccm call processing node as the ip address of the gateway. > >It could be the IPA talking but that sounds like it should work? > >Thanks, > >Ryan > >-------- Original Message -------- >From: NateCCIE <natec...@gmail.com> >Sent: Monday, July 20, 2015 08:39 PM >To: Ryan Huff <ryanh...@outlook.com> >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >CC: cisco-voip@puck.nether.net > >Called party transformation mask seem to match the XXX to the last digits. > >So with a pattern of XXX the XXX can only be in the last 3 digits of the mask >, DNA shows ? And won't route the call if you have Xs to early in the pattern. > >Sent from my iPhone >+1 801 718 2308 > >On Jul 20, 2015, at 6:27 PM, Ryan Huff < ryanh...@outlook.com > wrote: > > > > > > >Nate, > >I am not by my Linux machine (refuse to use winblows) to vet this but could >you do: > >*5XXX with a CPTM of XXX3101 with a prefix of 8? > >Thanks, > >Ryan > >-------- Original Message -------- >From: NateCCIE < natec...@gmail.com > >Sent: Monday, July 20, 2015 08:08 PM >To: 'Cisco VOIP' < cisco-voip@puck.nether.net > >Subject: [cisco-voip] CUCM translation pattern postfix digits > > > >I want to do some system wide speed dials in CUCM. > > > >*5XXX to call 8XXX3101. > > > >I tried Called Party Transform Mask on the translation pattern of 8XXX3101, >but it doesn?t allow the post fixing of digits and still use the XXX, it needs >to be the last digits. > > > >I know I could do this in IOS, but I really want a CUCM only solution, without >creating an individual TP for each XXX. > > > >Thanks, > >-Nate > > > >_______________________________________________ >cisco-voip mailing list >cisco-voip@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-voip > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/ba055014/attachment-0001.html> > >------------------------------ > >Message: 8 >Date: Mon, 20 Jul 2015 21:29:43 -0400 >From: Ryan Huff <ryanh...@outlook.com> >To: le...@uoguelph.ca, natec...@gmail.com >Cc: cisco-voip@puck.nether.net >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: <col401-eas665d6f2e7906bf1986747fc5...@phx.gbl> >Content-Type: text/plain; charset="utf-8" > >Well Lelio, that is what you get for trying to do digit manipulation on a >napkin in between wings! Lol > >Thanks, > >Ryan > >-------- Original Message -------- >From: Lelio Fulgenzi <le...@uoguelph.ca> >Sent: Monday, July 20, 2015 09:22 PM >To: Ryan Huff <ryanh...@outlook.com>,natec...@gmail.com >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >CC: cisco-voip@puck.nether.net > >>In v9, translation pattern does not accept X as valid character for prefix >>field. :( >> >>Since the purposes are similar, I'm guessing route patterns wouldn't allow it >>either. >> >>This is a good one. >> >>--- >>Lelio Fulgenzi, B.A. >>Senior Analyst, Network Infrastructure >>Computing and Communications Services (CCS) >>University of Guelph >> >>519?824?4120 Ext 56354 >>le...@uoguelph.ca >>www.uoguelph.ca/ccs >>Room 037, Animal Science and Nutrition Building >>Guelph, Ontario, N1G 2W1 >> >>----- Original Message ----- >> >>From: "Ryan Huff" <ryanh...@outlook.com> >>To: natec...@gmail.com >>Cc: cisco-voip@puck.nether.net >>Sent: Monday, 20 July, 2015 9:13:07 PM >>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >> >> >> >>Xlate : *5XXX (CPTM: 8XXX) >> >>Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to h.323 >>gateway that uses a ccm call processing node as the ip address of the >>gateway. >> >>It could be the IPA talking but that sounds like it should work? >> >>Thanks, >> >>Ryan >> >>-------- Original Message -------- >>From: NateCCIE <natec...@gmail.com> >>Sent: Monday, July 20, 2015 08:39 PM >>To: Ryan Huff <ryanh...@outlook.com> >>Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >>CC: cisco-voip@puck.nether.net >> >>Called party transformation mask seem to match the XXX to the last digits. >> >>So with a pattern of XXX the XXX can only be in the last 3 digits of the mask >>, DNA shows ? And won't route the call if you have Xs to early in the >>pattern. >> >>Sent from my iPhone >>+1 801 718 2308 >> >>On Jul 20, 2015, at 6:27 PM, Ryan Huff < ryanh...@outlook.com > wrote: >> >> >> >> >> >> >>Nate, >> >>I am not by my Linux machine (refuse to use winblows) to vet this but could >>you do: >> >>*5XXX with a CPTM of XXX3101 with a prefix of 8? >> >>Thanks, >> >>Ryan >> >>-------- Original Message -------- >>From: NateCCIE < natec...@gmail.com > >>Sent: Monday, July 20, 2015 08:08 PM >>To: 'Cisco VOIP' < cisco-voip@puck.nether.net > >>Subject: [cisco-voip] CUCM translation pattern postfix digits >> >> >> >>I want to do some system wide speed dials in CUCM. >> >> >> >>*5XXX to call 8XXX3101. >> >> >> >>I tried Called Party Transform Mask on the translation pattern of 8XXX3101, >>but it doesn?t allow the post fixing of digits and still use the XXX, it >>needs to be the last digits. >> >> >> >>I know I could do this in IOS, but I really want a CUCM only solution, >>without creating an individual TP for each XXX. >> >> >> >>Thanks, >> >>-Nate >> >> >> >>_______________________________________________ >>cisco-voip mailing list >>cisco-voip@puck.nether.net >>https://puck.nether.net/mailman/listinfo/cisco-voip >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/e8a401a0/attachment-0001.html> > >------------------------------ > >Message: 9 >Date: Mon, 20 Jul 2015 22:24:33 -0400 >From: Dave Goodwin <dave.good...@december.net> >To: Ryan Huff <ryanh...@outlook.com> >Cc: le...@uoguelph.ca, natec...@gmail.com, > "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >Message-ID: > <CAMmXPv4g3vMFcq=huh9mwe8mbav0pnoydblppckdz-v_e2v...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >I tried creating a dummy CTIRP with a DN of *5XXX and set it to CFA to >8XXX3101. That appears to be configurable (I did it on a test 10.5 box), >and when I check DNA it seems to indicate the correct pattern for the CFA. >However, when I did a quick test dialing out to *5123, I didn't get it to >ring 81233101. Unfortunately I don't have any more time at the moment to >try digging through the trace to see if I can see why it didn't work, but I >at least thought I would share that this strange way of doing it at least >gives you the appearance it could work. :-\ > >On Mon, Jul 20, 2015 at 9:29 PM, Ryan Huff <ryanh...@outlook.com> wrote: > >> Well Lelio, that is what you get for trying to do digit manipulation on a >> napkin in between wings! Lol >> >> Thanks, >> >> Ryan >> >> >> -------- Original Message -------- >> From: Lelio Fulgenzi <le...@uoguelph.ca> >> Sent: Monday, July 20, 2015 09:22 PM >> To: Ryan Huff <ryanh...@outlook.com>,natec...@gmail.com >> Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >> CC: cisco-voip@puck.nether.net >> >> In v9, translation pattern does not accept X as valid character for prefix >> field. :( >> >> Since the purposes are similar, I'm guessing route patterns wouldn't allow >> it either. >> >> This is a good one. >> >> --- >> Lelio Fulgenzi, B.A. >> Senior Analyst, Network Infrastructure >> Computing and Communications Services (CCS) >> University of Guelph >> >> 519?824?4120 Ext 56354 >> le...@uoguelph.ca >> www.uoguelph.ca/ccs >> Room 037, Animal Science and Nutrition Building >> Guelph, Ontario, N1G 2W1 >> >> ------------------------------ >> *From: *"Ryan Huff" <ryanh...@outlook.com> >> *To: *natec...@gmail.com >> *Cc: *cisco-voip@puck.nether.net >> *Sent: *Monday, 20 July, 2015 9:13:07 PM >> *Subject: *Re: [cisco-voip] CUCM translation pattern postfix digits >> >> Xlate : *5XXX (CPTM: 8XXX) >> >> Route Pattern: 8XXX (CPTM: 3101 Prefix: 8XXX) <-> Route list/group to >> h.323 gateway that uses a ccm call processing node as the ip address of the >> gateway. >> >> It could be the IPA talking but that sounds like it should work? >> >> Thanks, >> >> Ryan >> >> >> -------- Original Message -------- >> From: NateCCIE <natec...@gmail.com> >> Sent: Monday, July 20, 2015 08:39 PM >> To: Ryan Huff <ryanh...@outlook.com> >> Subject: Re: [cisco-voip] CUCM translation pattern postfix digits >> CC: cisco-voip@puck.nether.net >> >> Called party transformation mask seem to match the XXX to the last digits. >> >> So with a pattern of XXX the XXX can only be in the last 3 digits of the >> mask , DNA shows ? And won't route the call if you have Xs to early in >> the pattern. >> >> Sent from my iPhone >> +1 801 718 2308 >> >> On Jul 20, 2015, at 6:27 PM, Ryan Huff <ryanh...@outlook.com> wrote: >> >> Nate, >> >> I am not by my Linux machine (refuse to use winblows) to vet this but >> could you do: >> >> *5XXX with a CPTM of XXX3101 with a prefix of 8? >> >> Thanks, >> >> Ryan >> >> >> -------- Original Message -------- >> From: NateCCIE <natec...@gmail.com> >> Sent: Monday, July 20, 2015 08:08 PM >> To: 'Cisco VOIP' <cisco-voip@puck.nether.net> >> Subject: [cisco-voip] CUCM translation pattern postfix digits >> >> I want to do some system wide speed dials in CUCM. >> >> >> >> *5XXX to call 8XXX3101. >> >> >> >> I tried Called Party Transform Mask on the translation pattern of >> 8XXX3101, but it doesn?t allow the post fixing of digits and still use the >> XXX, it needs to be the last digits. >> >> >> >> I know I could do this in IOS, but I really want a CUCM only solution, >> without creating an individual TP for each XXX. >> >> >> >> Thanks, >> >> -Nate >> >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150720/a6ad4408/attachment-0001.html> > >------------------------------ > >Message: 10 >Date: Tue, 21 Jul 2015 05:48:45 +0000 >From: Anthony Holloway <avholloway+cisco-v...@gmail.com> >To: Charles Goldsmith <wo...@justfamily.org>, Ian Anderson > <i...@andersoi.co.uk> >Cc: Cisco VOIP <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] Digicert Wildcard certificates >Message-ID: > <CACRCJOjK9H3OueM-O_92x=tb0ypbherfhsn3xvdnliwergv...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >That's great to hear about digicert. I just went through a rough time with >Comodo trying to get multiserver certs and my CNAMEs in the SAN field. How >many SAN entries does digicert limit you to and at what price per year? > >On Mon, Jul 20, 2015 at 11:19 AM Charles Goldsmith <wo...@justfamily.org> >wrote: > >> One thing of note, Digicert works very well with all of our UC apps with >> their UC certificate. Add all of your server names as SAN's, as well as >> the domain name, and just duplicate the certificate for each app, changing >> the CN. It works well and also Digicert has great support. >> >> On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <i...@andersoi.co.uk> wrote: >> >>> Hi Nate, >>> >>> I think that the concern of using wildcards generaly comes from the >>> security and compliance folks in that if the private key of any of the >>> servers was to be compromised then the resulting public and private keys >>> could be used to impersonate any subdomain, e.g e-payments.domain.com.. >>> >>> That said, as long as the customer is aware of the risk then the digicert >>> is a fantastic option, although a lot of these issues go away in 10.5. >>> >>> The only app I've had it completely throw a wobble on so far is UCCX 9.0 >>> as this was checking the CN on certificate upload and didn't like * even >>> though the server name as in the SAN. >>> >>> Cheers >>> >>> Ian >>> >>> On 16 July 2015 at 02:35, NateCCIE <natec...@gmail.com> wrote: >>> >>>> Most of the time wildcard certs mean you have a CSR and a private key >>>> generated by something, and then you upload the private key and the public >>>> key to lots of servers. The application would need to be able to upload a >>>> private key and not require its own CSR. >>>> >>>> Cucm, unity cxn, uccx, do not support uploading a private key. >>>> >>>> Expressway, I think conductor do allow you to upload a private key. >>>> >>>> But what makes digicert really cool is you can buy the wildcard cert, >>>> then you keep reissuing a new certificate from that one purchase. >>>> >>>> You can do this from what I understand an unlimited times. >>>> >>>> There may be other CAs that do this. I saw one the seemed like it was >>>> going to work, but since the CSR did not include the * as a SAN, they would >>>> not issue the cert. >>>> >>>> Digicert with the Willard includes the *.domain.com and domain.com SANs >>>> automatically, and you can specify about 15 other SANs for each CSR/cert. >>>> >>>> So cucm and the other apps are happy because the cert was generated >>>> using its own CSR. >>>> >>>> Using these certs, I had one TAC case where cucm balked at the cert, but >>>> I could upload the cluster wide tomcat SAN cert via im&p. This turned out >>>> to be a problem with the domain casing not matching between all of the >>>> servers and the cert. always use domain.com and not DOMain.com and life >>>> is happy. >>>> >>>> I am not affiliated with digicert other than they are here in Utah also. >>>> It just makes life really easy to tell the customer to buy this one cert >>>> and O I can make all of the Cisco UC/jabber cert errors go away! >>>> >>>> Ps. Has anyone figured out what to do with conductor wanting IP address >>>> in the SAN? >>>> >>>> Sent from my iPhone >>>> >>>> On Jul 15, 2015, at 10:42 AM, Anthony Holloway < >>>> avholloway+cisco-v...@gmail.com> wrote: >>>> >>>> I'm a little confused here. According to this article: >>>> http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard, >>>> and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/, >>>> wild card certs are not supported. Are we talking about the same thing >>>> here? >>>> >>>> On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen < >>>> peders...@bennettjones.com> wrote: >>>> >>>>> Digicert lets you put your domain and subdomains of any level as >>>>> SANs. It?s great! They even generated a duplicate certificate for me with >>>>> a >>>>> different root CA that was supported with WebEx enabled Telepresence. We >>>>> use their wildcard certificates on all of our UC servers. >>>>> >>>>> >>>>> >>>>> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On >>>>> Behalf Of *Heim, Dennis >>>>> *Sent:* 15 July 2015 8:28 AM >>>>> *To:* Ian Anderson; NateCCIE; Cisco VOIP >>>>> >>>>> >>>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates >>>>> >>>>> >>>>> >>>>> I?ve found the hardest thing to find a cert providers that likes >>>>> putting the domain as a san such as DNS=mycollab.com. Has anyone found any >>>>> providers that are kosher with that? From one of the Cisco Live sessions, >>>>> I >>>>> was told this is needed for service discovery to function properly. >>>>> >>>>> >>>>> >>>>> *Dennis Heim | Emerging Technology Architect (Collaboration)* >>>>> >>>>> World Wide Technology, Inc. | +1 314-212-1814 >>>>> >>>>> [image: twitter] <https://twitter.com/CollabSensei> >>>>> >>>>> <image002.png><image003.png> <+13142121814><image004.png> >>>>> >>>>> ?There is a fine line between Wrong and Visionary. Unfortunately, you >>>>> have to be a visionary to see it." ? Sheldon Cooper >>>>> >>>>> >>>>> >>>>> Click here to join me in my Collaboration Meeting Room >>>>> <https://wwt.webex.com/meet/dennis.heim> >>>>> >>>>> >>>>> >>>>> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net >>>>> <cisco-voip-boun...@puck.nether.net>] *On Behalf Of *Ian Anderson >>>>> >>>>> >>>>> *Sent:* Wednesday, July 15, 2015 10:18 AM >>>>> *To:* NateCCIE; Cisco VOIP >>>>> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 15 July 2015 at 15:02, NateCCIE <natec...@gmail.com> wrote: >>>>> >>>>> Did you put all of your SANs in the digicert page? >>>>> >>>>> z >>>>> >>>>> I have this working on all of my expressway installs. >>>>> >>>>> Hi Nate, >>>>> >>>>> >>>>> >>>>> Thanks for the quick response, just for preservation in the archives >>>>> for future posterity and confirmation that digicert seems fine despite the >>>>> warnings in the manuals, it seemed I was running into 2 separate issues. >>>>> >>>>> >>>>> >>>>> 1) I had uploaded the intermediate cert, but needed to manually >>>>> download and upload the root CA >>>>> >>>>> 2) That then got me past the TLS error, only to find that I had >>>>> fat-fingered the hostname in the SAN field :-( >>>>> >>>>> >>>>> >>>>> Cheers >>>>> >>>>> >>>>> >>>>> Ian >>>>> >>>>> >>>>> The contents of this message may contain confidential and/or privileged >>>>> subject matter. If this message has been received in error, please contact >>>>> the sender and delete all copies. Like other forms of communication, >>>>> e-mail >>>>> communications may be vulnerable to interception by unauthorized parties. >>>>> If you do not wish us to communicate with you by e-mail, please notify us >>>>> at your earliest convenience. In the absence of such notification, your >>>>> consent is assumed. Should you choose to allow us to communicate by >>>>> e-mail, >>>>> we will not take any additional security measures (such as encryption) >>>>> unless specifically requested. >>>>> >>>>> If you no longer wish to receive commercial messages, you can >>>>> unsubscribe by accessing this link: >>>>> http://www.bennettjones.com/unsubscribe >>>>> _______________________________________________ >>>>> cisco-voip mailing list >>>>> cisco-voip@puck.nether.net >>>>> https://puck.nether.net/mailman/listinfo/cisco-voip >>>>> >>>> >>> >>> _______________________________________________ >>> cisco-voip mailing list >>> cisco-voip@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/cisco-voip >>> >>> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/0c12cef0/attachment-0001.html> >-------------- next part -------------- >A non-text attachment was scrubbed... >Name: image001.png >Type: image/png >Size: 3876 bytes >Desc: not available >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/0c12cef0/attachment-0001.png> > >------------------------------ > >Message: 11 >Date: Tue, 21 Jul 2015 08:06:27 +0000 >From: Lisa Notarianni <lisa.notaria...@scranton.edu> >To: "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net> >Subject: [cisco-voip] Greeting notification? >Message-ID: <1045c29d-2c8d-4229-ab2c-ea2dce597...@scranton.edu> >Content-Type: text/plain; charset="us-ascii" > >In Unity Connection 10.5 is there any way to be notified if a greeting changes? > >I need to email the wav file of greetings for groups traveling abroad on >service trips each time their greetings change. It would be helpful to know >when they change. > >It needs to be a greeting because parents will also call in to hear the status >update as they progress on their trips. > >Any ideas out there? > >Thanks, > >Lisa Notarianni >Manager of Business and Telecom Services >The University of Scranton > > > > > >------------------------------ > >Message: 12 >Date: Tue, 21 Jul 2015 06:19:43 -0400 (EDT) >From: Lelio Fulgenzi <le...@uoguelph.ca> >To: Lisa Notarianni <lisa.notaria...@scranton.edu> >Cc: "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] Greeting notification? >Message-ID: <a42d5f3a-0f95-4055-9701-0170e93d8...@uoguelph.ca> >Content-Type: text/plain; charset=us-ascii > >I believe there are a few unity connection tools that log (port) activity. You >could (possibly) use an app that monitors the file for specific lines of text >and then proceed from there. > >Alternatively, (and much easier) if timing is not a factor, you could ask them >to leave a message on a special mailbox. From there, trigger an email that >sends the email message. Then, go and save the message as their greeting using >media master bar utilities. > > > >Sent from my iPhone > >> On Jul 21, 2015, at 4:07 AM, Lisa Notarianni <lisa.notaria...@scranton.edu> >> wrote: >> >> In Unity Connection 10.5 is there any way to be notified if a greeting >> changes? >> >> I need to email the wav file of greetings for groups traveling abroad on >> service trips each time their greetings change. It would be helpful to know >> when they change. >> >> It needs to be a greeting because parents will also call in to hear the >> status update as they progress on their trips. >> >> Any ideas out there? >> >> Thanks, >> >> Lisa Notarianni >> Manager of Business and Telecom Services >> The University of Scranton >> >> >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip > > >------------------------------ > >Message: 13 >Date: Tue, 21 Jul 2015 06:16:23 -0600 >From: "NateCCIE" <natec...@gmail.com> >To: "'Anthony Holloway'" <avholloway+cisco-v...@gmail.com>, "'Charles > Goldsmith'" <wo...@justfamily.org>, "'Ian Anderson'" > <i...@andersoi.co.uk> >Cc: "'Cisco VOIP'" <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] Digicert Wildcard certificates >Message-ID: <004601d0c3af$1039c920$30ad5b60$@gmail.com> >Content-Type: text/plain; charset="utf-8" > >I think it?s 15 SANS plus *.domain.com and domain.com > > > >Pricing is at https://www.digicert.com/wildcard-ssl-certificates.htm > > > > > >From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of >Anthony Holloway >Sent: Monday, July 20, 2015 11:49 PM >To: Charles Goldsmith; Ian Anderson >Cc: Cisco VOIP >Subject: Re: [cisco-voip] Digicert Wildcard certificates > > > >That's great to hear about digicert. I just went through a rough time with >Comodo trying to get multiserver certs and my CNAMEs in the SAN field. How >many SAN entries does digicert limit you to and at what price per year? > > > >On Mon, Jul 20, 2015 at 11:19 AM Charles Goldsmith <wo...@justfamily.org ><mailto:wo...@justfamily.org> > wrote: > >One thing of note, Digicert works very well with all of our UC apps with their >UC certificate. Add all of your server names as SAN's, as well as the domain >name, and just duplicate the certificate for each app, changing the CN. It >works well and also Digicert has great support. > > > >On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <i...@andersoi.co.uk ><mailto:i...@andersoi.co.uk> > wrote: > >Hi Nate, > > > >I think that the concern of using wildcards generaly comes from the security >and compliance folks in that if the private key of any of the servers was to >be compromised then the resulting public and private keys could be used to >impersonate any subdomain, e.g e-payments.domain.com ><http://e-payments.domain.com> .. > > > >That said, as long as the customer is aware of the risk then the digicert is a >fantastic option, although a lot of these issues go away in 10.5. > > > >The only app I've had it completely throw a wobble on so far is UCCX 9.0 as >this was checking the CN on certificate upload and didn't like * even though >the server name as in the SAN. > > > >Cheers > > > >Ian > > > >On 16 July 2015 at 02:35, NateCCIE <natec...@gmail.com ><mailto:natec...@gmail.com> > wrote: > >Most of the time wildcard certs mean you have a CSR and a private key >generated by something, and then you upload the private key and the public key >to lots of servers. The application would need to be able to upload a private >key and not require its own CSR. > > > >Cucm, unity cxn, uccx, do not support uploading a private key. > > > >Expressway, I think conductor do allow you to upload a private key. > > > >But what makes digicert really cool is you can buy the wildcard cert, then you >keep reissuing a new certificate from that one purchase. > > > >You can do this from what I understand an unlimited times. > > > >There may be other CAs that do this. I saw one the seemed like it was going >to work, but since the CSR did not include the * as a SAN, they would not >issue the cert. > > > >Digicert with the Willard includes the *.domain.com <http://domain.com> and >domain.com <http://domain.com> SANs automatically, and you can specify about >15 other SANs for each CSR/cert. > > > >So cucm and the other apps are happy because the cert was generated using its >own CSR. > > > >Using these certs, I had one TAC case where cucm balked at the cert, but I >could upload the cluster wide tomcat SAN cert via im&p. This turned out to be >a problem with the domain casing not matching between all of the servers and >the cert. always use domain.com <http://domain.com> and not DOMain.com ><http://DOMain.com> and life is happy. > > > >I am not affiliated with digicert other than they are here in Utah also. It >just makes life really easy to tell the customer to buy this one cert and O I >can make all of the Cisco UC/jabber cert errors go away! > > > >Ps. Has anyone figured out what to do with conductor wanting IP address in the >SAN? > >Sent from my iPhone > > >On Jul 15, 2015, at 10:42 AM, Anthony Holloway ><avholloway+cisco-v...@gmail.com <mailto:avholloway+cisco-v...@gmail.com> > >wrote: > >I'm a little confused here. According to this article: >http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard, > and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/, wild >card certs are not supported. Are we talking about the same thing here? > > > >On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen <peders...@bennettjones.com ><mailto:peders...@bennettjones.com> > wrote: > >Digicert lets you put your domain and subdomains of any level as SANs. It?s >great! They even generated a duplicate certificate for me with a different >root CA that was supported with WebEx enabled Telepresence. We use their >wildcard certificates on all of our UC servers. > > > >From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net ><mailto:cisco-voip-boun...@puck.nether.net> ] On Behalf Of Heim, Dennis >Sent: 15 July 2015 8:28 AM >To: Ian Anderson; NateCCIE; Cisco VOIP > > >Subject: Re: [cisco-voip] Digicert Wildcard certificates > > > >I?ve found the hardest thing to find a cert providers that likes putting the >domain as a san such as DNS=mycollab.com. Has anyone found any providers that >are kosher with that? From one of the Cisco Live sessions, I was told this is >needed for service discovery to function properly. > > > >Dennis Heim | Emerging Technology Architect (Collaboration) > >World Wide Technology, Inc. | +1 314-212-1814 <tel:%2B1%20314-212-1814> > > <https://twitter.com/CollabSensei> > ><image002.png> <tel:+13142121814> <image003.png><image004.png> > >?There is a fine line between Wrong and Visionary. Unfortunately, you have to >be a visionary to see it." ? Sheldon Cooper > > > > <https://wwt.webex.com/meet/dennis.heim> Click here to join me in my > Collaboration Meeting Room > > > >From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Ian >Anderson > > >Sent: Wednesday, July 15, 2015 10:18 AM >To: NateCCIE; Cisco VOIP >Subject: Re: [cisco-voip] Digicert Wildcard certificates > > > > > >On 15 July 2015 at 15:02, NateCCIE <natec...@gmail.com ><mailto:natec...@gmail.com> > wrote: > >Did you put all of your SANs in the digicert page? > >z > >I have this working on all of my expressway installs. > >Hi Nate, > > > >Thanks for the quick response, just for preservation in the archives for >future posterity and confirmation that digicert seems fine despite the >warnings in the manuals, it seemed I was running into 2 separate issues. > > > >1) I had uploaded the intermediate cert, but needed to manually download and >upload the root CA > >2) That then got me past the TLS error, only to find that I had fat-fingered >the hostname in the SAN field :-( > > > >Cheers > > > >Ian > > > >The contents of this message may contain confidential and/or privileged >subject matter. If this message has been received in error, please contact the >sender and delete all copies. Like other forms of communication, e-mail >communications may be vulnerable to interception by unauthorized parties. If >you do not wish us to communicate with you by e-mail, please notify us at your >earliest convenience. In the absence of such notification, your consent is >assumed. Should you choose to allow us to communicate by e-mail, we will not >take any additional security measures (such as encryption) unless specifically >requested. > >If you no longer wish to receive commercial messages, you can unsubscribe by >accessing this link: http://www.bennettjones.com/unsubscribe > >_______________________________________________ >cisco-voip mailing list >cisco-voip@puck.nether.net <mailto:cisco-voip@puck.nether.net> >https://puck.nether.net/mailman/listinfo/cisco-voip > > > > >_______________________________________________ >cisco-voip mailing list >cisco-voip@puck.nether.net <mailto:cisco-voip@puck.nether.net> >https://puck.nether.net/mailman/listinfo/cisco-voip > > > >_______________________________________________ >cisco-voip mailing list >cisco-voip@puck.nether.net <mailto:cisco-voip@puck.nether.net> >https://puck.nether.net/mailman/listinfo/cisco-voip > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/269034c5/attachment-0001.html> >-------------- next part -------------- >A non-text attachment was scrubbed... >Name: image001.png >Type: image/png >Size: 3876 bytes >Desc: not available >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/269034c5/attachment-0001.png> > >------------------------------ > >Message: 14 >Date: Tue, 21 Jul 2015 10:27:37 -0400 >From: AbdusSaboor Khan <saboor.k...@gmail.com> >To: Cisco VoIP List <cisco-voip@puck.nether.net> >Subject: [cisco-voip] How to send call to 10 digit in ICM Scripting >Message-ID: > <CAPfAR6_HxiZcyXF50NmWkyKy3x0G2MEkMx6evLc=728qn6e...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >Hi, > >Can someone guide me how to send call to to 10 Digits in ICM scripting, as >sending to some digits label is working fine and then we need to call >forward on that extension in Call manager. Here is the scenario, > >Our Script is like press 1 to an agent > >press 2 for field agent (need to forward that call to that agent who is not >login into CAD) > >Regards, > >Abdul >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/d6adef30/attachment-0001.html> > >------------------------------ > >Message: 15 >Date: Tue, 21 Jul 2015 10:40:39 -0400 >From: Brian Meade <bmead...@vt.edu> >To: AbdusSaboor Khan <saboor.k...@gmail.com> >Cc: Cisco VoIP List <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] How to send call to 10 digit in ICM > Scripting >Message-ID: > <cagcuyh0dffognzgyvjonzedtmc6nw58n19fnadrwc5wjtpf...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >Abdul, > >Usually you'll want to use the Call Redirect step for something like this. > >Brian > >On Tue, Jul 21, 2015 at 10:27 AM, AbdusSaboor Khan <saboor.k...@gmail.com> >wrote: > >> Hi, >> >> Can someone guide me how to send call to to 10 Digits in ICM scripting, as >> sending to some digits label is working fine and then we need to call >> forward on that extension in Call manager. Here is the scenario, >> >> Our Script is like press 1 to an agent >> >> press 2 for field agent (need to forward that call to that agent who is >> not login into CAD) >> >> Regards, >> >> Abdul >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/bb890b83/attachment-0001.html> > >------------------------------ > >Message: 16 >Date: Tue, 21 Jul 2015 10:50:07 -0400 >From: Brian Meade <bmead...@vt.edu> >To: AbdusSaboor Khan <saboor.k...@gmail.com> >Cc: Cisco VoIP List <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] How to send call to 10 digit in ICM > Scripting >Message-ID: > <cagcuyh0ag65d1ulkhpm6zxyoytjewyapipm3zdhw7n4yu2m...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >Nevermind, didn't realize how different it was in ICM scripting. > >On Tue, Jul 21, 2015 at 10:40 AM, Brian Meade <bmead...@vt.edu> wrote: > >> Abdul, >> >> Usually you'll want to use the Call Redirect step for something like this. >> >> Brian >> >> On Tue, Jul 21, 2015 at 10:27 AM, AbdusSaboor Khan <saboor.k...@gmail.com> >> wrote: >> >>> Hi, >>> >>> Can someone guide me how to send call to to 10 Digits in ICM scripting, >>> as sending to some digits label is working fine and then we need to call >>> forward on that extension in Call manager. Here is the scenario, >>> >>> Our Script is like press 1 to an agent >>> >>> press 2 for field agent (need to forward that call to that agent who is >>> not login into CAD) >>> >>> Regards, >>> >>> Abdul >>> >>> _______________________________________________ >>> cisco-voip mailing list >>> cisco-voip@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/cisco-voip >>> >>> >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/391fea95/attachment-0001.html> > >------------------------------ > >Message: 17 >Date: Tue, 21 Jul 2015 11:10:54 -0400 >From: chris <tknch...@gmail.com> >To: cisco-voip@puck.nether.net >Subject: [cisco-voip] Call abandonment >Message-ID: > <caknnfz-ddut-iutnkbzss8cv9ptzfofaj2ncod3thwjrsx9...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >Anyone doing any call abandonment with cisco ? We were looking at >chronicall but doesn't not support cisco. Our site has a small CME install >with sip trunks so would prefer something sip based so we have flexibility >going forward > >If anyone has any hands on experience or recommendations please do share on >or off list > >Thanks >Chris >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/974ec8af/attachment-0001.html> > >------------------------------ > >Message: 18 >Date: Tue, 21 Jul 2015 11:24:29 -0400 >From: Justin Steinberg <jsteinb...@gmail.com> >To: NateCCIE <natec...@gmail.com> >Cc: Anthony Holloway <avholloway+cisco-v...@gmail.com>, Charles > Goldsmith <wo...@justfamily.org>, Ian Anderson <i...@andersoi.co.uk>, > Cisco VOIP <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] Digicert Wildcard certificates >Message-ID: > <caccaghy4ou7dw_oovhreswwxmuy8iapm-4kmvkpxusfy1+m...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >While we are on the topic of certs, has anyone had issues with certain CAs >not allowing top level domain as a SAN (e.g. cisco.com) ? > >GoDaddy would complain in the UI that you shouldn't have a top level domain >as a SAN but would still sign the cert. I'm having a problem know with >Internet2/Incommon where it won't let me put a top level domain in the cert >as a SAN. It just won't take the CSR. > >Justin > >On Tue, Jul 21, 2015 at 8:16 AM, NateCCIE <natec...@gmail.com> wrote: > >> I think it?s 15 SANS plus *.domain.com and domain.com >> >> >> >> Pricing is at https://www.digicert.com/wildcard-ssl-certificates.htm >> >> >> >> >> >> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf >> Of *Anthony Holloway >> *Sent:* Monday, July 20, 2015 11:49 PM >> *To:* Charles Goldsmith; Ian Anderson >> *Cc:* Cisco VOIP >> >> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates >> >> >> >> That's great to hear about digicert. I just went through a rough time with >> Comodo trying to get multiserver certs and my CNAMEs in the SAN field. How >> many SAN entries does digicert limit you to and at what price per year? >> >> >> >> On Mon, Jul 20, 2015 at 11:19 AM Charles Goldsmith <wo...@justfamily.org> >> wrote: >> >> One thing of note, Digicert works very well with all of our UC apps with >> their UC certificate. Add all of your server names as SAN's, as well as >> the domain name, and just duplicate the certificate for each app, changing >> the CN. It works well and also Digicert has great support. >> >> >> >> On Sun, Jul 19, 2015 at 4:27 AM, Ian Anderson <i...@andersoi.co.uk> wrote: >> >> Hi Nate, >> >> >> >> I think that the concern of using wildcards generaly comes from the >> security and compliance folks in that if the private key of any of the >> servers was to be compromised then the resulting public and private keys >> could be used to impersonate any subdomain, e.g e-payments.domain.com.. >> >> >> >> That said, as long as the customer is aware of the risk then the digicert >> is a fantastic option, although a lot of these issues go away in 10.5. >> >> >> >> The only app I've had it completely throw a wobble on so far is UCCX 9.0 >> as this was checking the CN on certificate upload and didn't like * even >> though the server name as in the SAN. >> >> >> >> Cheers >> >> >> >> Ian >> >> >> >> On 16 July 2015 at 02:35, NateCCIE <natec...@gmail.com> wrote: >> >> Most of the time wildcard certs mean you have a CSR and a private key >> generated by something, and then you upload the private key and the public >> key to lots of servers. The application would need to be able to upload a >> private key and not require its own CSR. >> >> >> >> Cucm, unity cxn, uccx, do not support uploading a private key. >> >> >> >> Expressway, I think conductor do allow you to upload a private key. >> >> >> >> But what makes digicert really cool is you can buy the wildcard cert, then >> you keep reissuing a new certificate from that one purchase. >> >> >> >> You can do this from what I understand an unlimited times. >> >> >> >> There may be other CAs that do this. I saw one the seemed like it was >> going to work, but since the CSR did not include the * as a SAN, they would >> not issue the cert. >> >> >> >> Digicert with the Willard includes the *.domain.com and domain.com SANs >> automatically, and you can specify about 15 other SANs for each CSR/cert. >> >> >> >> So cucm and the other apps are happy because the cert was generated using >> its own CSR. >> >> >> >> Using these certs, I had one TAC case where cucm balked at the cert, but I >> could upload the cluster wide tomcat SAN cert via im&p. This turned out to >> be a problem with the domain casing not matching between all of the servers >> and the cert. always use domain.com and not DOMain.com and life is happy. >> >> >> >> I am not affiliated with digicert other than they are here in Utah also. >> It just makes life really easy to tell the customer to buy this one cert >> and O I can make all of the Cisco UC/jabber cert errors go away! >> >> >> >> Ps. Has anyone figured out what to do with conductor wanting IP address in >> the SAN? >> >> Sent from my iPhone >> >> >> On Jul 15, 2015, at 10:42 AM, Anthony Holloway < >> avholloway+cisco-v...@gmail.com> wrote: >> >> I'm a little confused here. According to this article: >> http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/115957-high-level-view-ca-00.html#wildcard, >> and this defect ID: https://tools.cisco.com/bugsearch/bug/CSCta14114/, >> wild card certs are not supported. Are we talking about the same thing >> here? >> >> >> >> On Wed, Jul 15, 2015 at 10:08 AM Eric Pedersen <peders...@bennettjones.com> >> wrote: >> >> Digicert lets you put your domain and subdomains of any level as SANs. >> It?s great! They even generated a duplicate certificate for me with a >> different root CA that was supported with WebEx enabled Telepresence. We >> use their wildcard certificates on all of our UC servers. >> >> >> >> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf >> Of *Heim, Dennis >> *Sent:* 15 July 2015 8:28 AM >> *To:* Ian Anderson; NateCCIE; Cisco VOIP >> >> >> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates >> >> >> >> I?ve found the hardest thing to find a cert providers that likes putting >> the domain as a san such as DNS=mycollab.com. Has anyone found any >> providers that are kosher with that? From one of the Cisco Live sessions, I >> was told this is needed for service discovery to function properly. >> >> >> >> *Dennis Heim | Emerging Technology Architect (Collaboration)* >> >> World Wide Technology, Inc. | +1 314-212-1814 >> >> [image: twitter] <https://twitter.com/CollabSensei> >> >> <image002.png><image003.png> <+13142121814><image004.png> >> >> ?There is a fine line between Wrong and Visionary. Unfortunately, you have >> to be a visionary to see it." ? Sheldon Cooper >> >> >> >> Click here to join me in my Collaboration Meeting Room >> <https://wwt.webex.com/meet/dennis.heim> >> >> >> >> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net >> <cisco-voip-boun...@puck.nether.net>] *On Behalf Of *Ian Anderson >> >> >> *Sent:* Wednesday, July 15, 2015 10:18 AM >> *To:* NateCCIE; Cisco VOIP >> *Subject:* Re: [cisco-voip] Digicert Wildcard certificates >> >> >> >> >> >> On 15 July 2015 at 15:02, NateCCIE <natec...@gmail.com> wrote: >> >> Did you put all of your SANs in the digicert page? >> >> z >> >> I have this working on all of my expressway installs. >> >> Hi Nate, >> >> >> >> Thanks for the quick response, just for preservation in the archives for >> future posterity and confirmation that digicert seems fine despite the >> warnings in the manuals, it seemed I was running into 2 separate issues. >> >> >> >> 1) I had uploaded the intermediate cert, but needed to manually download >> and upload the root CA >> >> 2) That then got me past the TLS error, only to find that I had >> fat-fingered the hostname in the SAN field :-( >> >> >> >> Cheers >> >> >> >> Ian >> >> >> >> The contents of this message may contain confidential and/or privileged >> subject matter. If this message has been received in error, please contact >> the sender and delete all copies. Like other forms of communication, e-mail >> communications may be vulnerable to interception by unauthorized parties. >> If you do not wish us to communicate with you by e-mail, please notify us >> at your earliest convenience. In the absence of such notification, your >> consent is assumed. Should you choose to allow us to communicate by e-mail, >> we will not take any additional security measures (such as encryption) >> unless specifically requested. >> >> If you no longer wish to receive commercial messages, you can unsubscribe >> by accessing this link: http://www.bennettjones.com/unsubscribe >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >> >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >> _______________________________________________ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/cc9af5a4/attachment-0001.html> >-------------- next part -------------- >A non-text attachment was scrubbed... >Name: image001.png >Type: image/png >Size: 3876 bytes >Desc: not available >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/cc9af5a4/attachment-0001.png> > >------------------------------ > >Message: 19 >Date: Tue, 21 Jul 2015 11:49:44 -0400 (EDT) >From: Lelio Fulgenzi <le...@uoguelph.ca> >To: "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net> >Subject: [cisco-voip] E20 - CDP and voice VLANs >Message-ID: > <572237778.902994.1437493784695.javamail.zim...@uoguelph.ca> >Content-Type: text/plain; charset="utf-8" > > >I've got an E20 that I'd like to get working with our Jabber deployment. > >Does the thing support CDP and voice VLANs or is it working on a data VLAN? > >--- >Lelio Fulgenzi, B.A. >Senior Analyst, Network Infrastructure >Computing and Communications Services (CCS) >University of Guelph > >519?824?4120 Ext 56354 >le...@uoguelph.ca >www.uoguelph.ca/ccs >Room 037, Animal Science and Nutrition Building >Guelph, Ontario, N1G 2W1 > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><https://puck.nether.net/pipermail/cisco-voip/attachments/20150721/5dd22cc0/attachment-0001.html> > >------------------------------ > >Subject: Digest Footer > >_______________________________________________ >cisco-voip mailing list >cisco-voip@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-voip > > >------------------------------ > >End of cisco-voip Digest, Vol 141, Issue 18 >******************************************* _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip