Hey Sally, I agree. Using IP address seems like circumventing the certificate.
From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Anthony Holloway Sent: Friday, February 14, 2020 10:17 AM To: Brian Meade <bmead...@vt.edu> Cc: voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory Well, slap my ass and call me Sally. I change an existing secure LDAP setup from FQDN to IP Address and it still works. I'd be curious to know why it functions this way. Seems like an opportunity to exploit the Authentication facet of SSL. "In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to an imposter trying to steal your information." Source: Why SSL? The Purpose of using SSL Certificates<https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html> On Thu, Feb 13, 2020 at 1:32 PM Anthony Holloway <avholloway+cisco-v...@gmail.com<mailto:avholloway%2bcisco-v...@gmail.com>> wrote: That's interesting to know. How did you learn that? On Thu, Feb 13, 2020 at 12:30 PM Brian Meade <bmead...@vt.edu<mailto:bmead...@vt.edu>> wrote: CUCM doesn't check the names, just that the chain is trusted. On Sun, Feb 9, 2020 at 5:23 PM Matthew Loraditch <mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com>> wrote: Interesting. Our root cert is and has been loaded, but I’m still using just the IPs so normally that would make the handshake fail. Get Outlook for iOS<https://aka.ms/o0ukef> Matthew Loraditch Sr. Network Engineer p: 443.541.1518<tel:443.541.1518> w: www.heliontechnologies.com<http://www.heliontechnologies.com/> | e: mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com> [Helion Technologies]<http://www.heliontechnologies.com/> [Facebook]<https://facebook.com/heliontech> [Twitter]<https://twitter.com/heliontech> [LinkedIn]<https://www.linkedin.com/company/helion-technologies> [cid:image005.jpg@01D5E32C.7BF4BAC0] ________________________________ From: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>> Sent: Sunday, February 9, 2020 5:15:40 PM To: Matthew Loraditch <mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com>> Cc: James Buchanan <james.buchan...@gmail.com<mailto:james.buchan...@gmail.com>>; voyp list, cisco-voip (cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>) <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory [EXTERNAL] I couldn’t get secure ldap to work without loading the certificates from the AD servers. I also had more luck using the global catalog ports. Sent from my iPhone On Feb 9, 2020, at 5:05 PM, Matthew Loraditch <mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com>> wrote: I was wondering if they were going to post anything as it’s very unclear if ldap over tls was the fix. Apparently (and amen) it is. Did it on our office system last week to see if it would work without any certificate needs. It just worked and during a save it will instantly tell you if it worked or not. Outside of the most regimented environments you should be able to just make the change. If it fails talk to your AD team as they would likely have something blocked or disabled. Get Outlook for iOS<https://aka.ms/o0ukef> Matthew Loraditch Sr. Network Engineer p: 443.541.1518<tel:443.541.1518> w: www.heliontechnologies.com<http://www.heliontechnologies.com/> | e: mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com> <image502755.png><http://www.heliontechnologies.com/> <image552534.png><https://facebook.com/heliontech> <image068119.png><https://twitter.com/heliontech> <image315640.png><https://www.linkedin.com/company/helion-technologies> <image132003.jpg> ________________________________ From: cisco-voip <cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>> on behalf of James Buchanan <james.buchan...@gmail.com<mailto:james.buchan...@gmail.com>> Sent: Sunday, February 9, 2020 4:57:40 PM To: voyp list, cisco-voip (cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>) <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>> Subject: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory [EXTERNAL] Hello folks, I know you all needed some more work. I sure did! So here you are! https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/12_5_1/fieldNotice/cucm_b_fn-secure-ldap-mandatory-ad.html I'm interested in any early thoughts on other integrations--vCenter, ISE, VPN, TACACS, etc. I assume it applies across the board. Thanks, James _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip