For now I'm going to cross my fingers on the upper/lower case issue. Right now we're using 10.5(2)SU1.
I started with Unity; changed the CN to "vunity.sps186.org <http://vunity.sps186.org/>" and let the SANs auto-populate with the pub/sub etc. Certs created fine, installed fine. Restarted tomcat, and now SSL is looking good when accessing the console. After a few minutes, Jabber connected without any errors (despite the fact that the config shows the IP rather than a hostname..) Going to try the CUCM cluster now. Thanks, Anthony and Ryan! Michael > On Sep 11, 2015, at 2:54 PM, Anthony Holloway > <[email protected]> wrote: > > It was actually your session at Cisco Live this year Ryan, where I learned > about MS certs and the suffix. ;) I pulled the slide deck up for reference > a weeks ago when I was working with COMODO CA. > > On Fri, Sep 11, 2015 at 2:30 PM Ryan Ratliff (rratliff) <[email protected] > <mailto:[email protected]>> wrote: > I just generated a Tomcat MS CSR without the -ms with no issue on 11.0. > > On the case thing as long as you are on the latest SU you should be fine. > There have been defects related to case validation on certs (CSCuu69964 for > example) but you should be ok. > > -Ryan > > On Sep 11, 2015, at 1:49 PM, Michael David <[email protected] > <mailto:[email protected]>> wrote: > > Greetings, > > When I generate the SAN CSRs, the server sets the common name to, for > example, VUNITY1.sps186.org <http://vunity1.sps186.org/>-ms - the "-ms" being > added automatically to the end. All the SANs in the list correspond to the > actual hostnames and domain name. Can I change this CN to remove the -ms? > GoDaddy isn't allowing the cert to be created because the CN isn't a FQDN. > Not sure if the CUCM/Unity stuff needs the -ms for its own uses. > > Furthermore, our vendor set the hostnames to, for exmple, VUNITY1, VUCM1, etc > rather than vunity1, vucm1. GoDaddy changed the case from CSRs from the > uppercase format to the lowercase format. If the certs generate with the > lowercase-only names, will they still function on the cluster with the > cluster hostnames uppercase? > > Thanks in advance, > Michael > > -- > Michael A. David, CCNA > Springfield Public Schools > Technology Service Center > 217.585.5802 ext. 85114 > 217.585.5809 (FAX) > > _______________________________________________ > cisco-voip mailing list > [email protected] <mailto:[email protected]> > https://puck.nether.net/mailman/listinfo/cisco-voip > <https://puck.nether.net/mailman/listinfo/cisco-voip> > > _______________________________________________ > cisco-voip mailing list > [email protected] <mailto:[email protected]> > https://puck.nether.net/mailman/listinfo/cisco-voip > <https://puck.nether.net/mailman/listinfo/cisco-voip> -- Michael A. David, CCNA Springfield Public Schools Technology Service Center 217.585.5802 ext. 85114 217.585.5809 (FAX)
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
