Hi Scott, Yes. But before that, are you able to share the screenshot of your certificate and the error too? You can unicast them, if you wish. I just want to make sure I am making the right recommendation.
Regards, Abhiram Kramadhati Technical Solutions Manager, CCBU CCIE Collaboration # 40065 From: Scott Voll <svoll.v...@gmail.com> Date: Saturday, 29 April 2017 at 12:12 AM To: "Abhiram Kramadhati (akramadh)" <akram...@cisco.com> Cc: Nathan Reeves <nathan.a.ree...@gmail.com>, "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] Finesse cert error So is it only the Tomcat Cert I need to reissue? if I reissue, does it affect any other systems, (such as CM)? Just need to schedule maintenance. TIA Scott On Fri, Apr 28, 2017 at 4:25 AM, Abhiram Kramadhati (akramadh) <akram...@cisco.com<mailto:akram...@cisco.com>> wrote: Hi guys, The certificate should contain subjectAltName(SAN), and you should not have any issues. If you were using CN, ensure it is now in the SAN. The same is documented here: https://productforums.google.com/forum/#!msg/chrome/5f1Kp_ntUwU/CfER8_JKDwAJ The team looked at this today and for CA signed certificates with the above config, there are no issues on the latest Chrome/FF. If you are still facing issues, can you send me the screenshot and details? Regards, Abhiram Kramadhati Technical Solutions Manager, CCBU CCIE Collaboration # 40065 From: cisco-voip <cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>> on behalf of Nathan Reeves <nathan.a.ree...@gmail.com<mailto:nathan.a.ree...@gmail.com>> Date: Friday, 28 April 2017 at 4:04 AM To: Scott Voll <svoll.v...@gmail.com<mailto:svoll.v...@gmail.com>> Cc: "cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>" <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: Re: [cisco-voip] Finesse cert error Chrome stopped supporting Common Name matching in the latest release 58 which dropped in the last week or so. This would cause the error you referenced below. Looks like it now only supports names in the subjectAlternativeName field of the cert. Hope this assists Nathan On Thursday, April 27, 2017, Scott Voll <svoll.v...@gmail.com<mailto:svoll.v...@gmail.com>> wrote: OK, as of yesterday I started having reports of users in Chrome and Firefox getting an error connecting to the Finesse webpage. Looking at the cert It's sha2 but I get Not secure in FF and not private in Chrome. Chome complains of NET::ERR_CERT_COMMON_NAME_INVALID cert is internal CA and the sigature algorithim is Sha512RSA hash is SHa512 The only thing that looks a little questionable is in the subject, I also have the serial number and the hostname is CAPs not lower case UCCx 11.5.1.10000-61 Any thoughts? TIA Scott
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
