Yeah. Considering how much effort we put on security, telling people to ignore cert warnings is probably not the best. It does take a bit more work. And it was ok with three year certs. Annual certs are going to make things a bit worse.
Pushing self signed certs (or roots?) to devices will be an issue. And outside the scope of telephony. There are tools that can help. I believe JoinNow tool is one example. We use that and I believe my colleague got that working in a test environment. I’m hoping they have an SU that introduces let’s encrypt for v11.5. 🤞🤞 Sent from my iPhone On Apr 5, 2020, at 12:00 PM, Anthony Holloway <avholloway+cisco-v...@gmail.com<mailto:avholloway+cisco-v...@gmail.com>> wrote: Not to answer for Brian, but with the introduction of MRA, employees can run Jabber on any device they want. This makes putting private ca signed certs on those devices impossible or at least a giant headache. On Sat, Apr 4, 2020 at 7:30 AM Mark H. Turpin <mtur...@covene.com<mailto:mtur...@covene.com>> wrote: I’m using namecheap and have for years. Cheap certs from Comodo and they work fine. You can do email, web, and DNS validation - https://www.namecheap.com/support/knowledgebase/article.aspx/9637/68/how-can-i-complete-the-domain-control-validation-dcv-for-my-ssl-certificate Sorry, I missed the part on why you’re not using an internal CA for your internal servers though? -- -Mark ________________________________ From: cisco-voip <cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>> on behalf of Anthony Holloway <avholloway+cisco-v...@gmail.com<mailto:avholloway%2bcisco-v...@gmail.com>> Sent: Monday, March 30, 2020 9:58:12 PM To: UC Penguin <gen...@ucpenguin.com<mailto:gen...@ucpenguin.com>> Cc: cisco-voip voyp list <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>; Jonatan Quezada <jonatan.quez...@chemeketa.edu<mailto:jonatan.quez...@chemeketa.edu>>; Adrian Arevalo-Orozco <adrian.arevalo.oro...@chemeketa.edu<mailto:adrian.arevalo.oro...@chemeketa.edu>> Subject: Re: [cisco-voip] [EXTERNAL] Cost-Effective Public Certificate Authority for CUCM certificates *** EXTERNAL EMAIL - DO NOT CLICK LINKS *** It's a good thing you don't have to prove ownership for collab certs then. I have not bought through namecheap myself, but I have witnessed the mistake someone has made trying to get domain validated, or EV certs for their collab gear when it's not needed, and yeah, it seemed like a hassle and it took a few days or more. On Mon, Mar 30, 2020 at 4:40 PM UC Penguin <gen...@ucpenguin.com<mailto:gen...@ucpenguin.com>> wrote: Namecheap cert process is a PITA. Haven’t used them for UC servers but helped a friend with their website after they already bought them from NC. You can only have it verify ownership with certain predefined by them emails at your domain, or dns/web. Namecheap is a good domain registrar but I’d personally steer clear of their other services. On Mar 30, 2020, at 14:57, Brian Meade <bmead...@vt.edu<mailto:bmead...@vt.edu>> wrote: Namecheap seems to be the cheapest option I've found from some quick looking. They seem to resell Comodo certificates but cheaper than Comodo offers them. On Mon, Mar 30, 2020 at 2:45 PM Jonatan Quezada <jonatan.quez...@chemeketa.edu<mailto:jonatan.quez...@chemeketa.edu>> wrote: Im totally looking to update all of mine I think we use digi-cert, pleasea let us know what you find out :) Cheers! On Mon, Mar 30, 2020 at 11:43 AM Brian Meade <bmead...@vt.edu<mailto:bmead...@vt.edu>> wrote: Does anyone know of any public certificate authorities that have cheaper multi-server SAN certificate options? I had seen some in the past that let you buy a wildcard and then can submit CSR's against that still but having trouble finding that now. Trying to avoid buying 4 multi-server certificates to cover CUCM Tomcat/Unity Connection Tomcat/UCCX Tomcat/IM&P XMPP. _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=01%7C01%7Cmturpin%40covene.com%7C58b306e13bf84d8d65de08d7d51fd22a%7C575b0cc755204e999cb37affbf511f45%7C1&sdata=31dWW3cRzojiu8GNDZSHJbkachrakSZSm9SIDE2cljo%3D&reserved=0> -- During this time of remote work, There will be the need for connectivity to other devices such as a cell phone. If you require assistance forwarding your desk phone to a remote cell or message phone, please email with desk number and where we are forwarding calls. I can do these remotely. Johnny Q Voice Technology Analyst II Chemeketa Community College johnn...@chemeketa.edu<mailto:johnn...@chemeketa.edu> Building 22 Room 130 Work 5033995294 Cell 5035769873 FAX 5033995549 _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=01%7C01%7Cmturpin%40covene.com%7C58b306e13bf84d8d65de08d7d51fd22a%7C575b0cc755204e999cb37affbf511f45%7C1&sdata=31dWW3cRzojiu8GNDZSHJbkachrakSZSm9SIDE2cljo%3D&reserved=0> _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=01%7C01%7Cmturpin%40covene.com%7C58b306e13bf84d8d65de08d7d51fd22a%7C575b0cc755204e999cb37affbf511f45%7C1&sdata=31dWW3cRzojiu8GNDZSHJbkachrakSZSm9SIDE2cljo%3D&reserved=0> _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
