TAC is the one that showed me. The big clue is that in expressway it has the ability to upload a private key. Why have that feature if you can't extract it?

-----Original Message-----
From: Lelio Fulgenzi <le...@uoguelph.ca>
Sent: Wednesday, August 3, 2022 9:11 AM
To: Matthew Huff <mh...@ox.com>; Hunter Fuller <hf0...@uah.edu>
Cc: Cisco VOIP <cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] [External] Re: expressway E GoDaddy certificate

Curious if you passed this method by Cisco/Expressway support. I find the Expressway support team very critical of any changes to supported methods. It's the only team that doesn't support ESXi maintenance releases unless it's explicitly stated in the document.

-----Original Message-----
From: Matthew Huff <mh...@ox.com>
Sent: Wednesday, August 3, 2022 7:47 AM
To: Hunter Fuller <hf0...@uah.edu>; Lelio Fulgenzi <le...@uoguelph.ca>
Cc: Cisco VOIP <cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] [External] Re: expressway E GoDaddy certificate

CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to ith...@uoguelph.ca

Same. We have a multi-SAN certificate for our expressway-e cluster from Entrust. You have to create the CSR on the first node in the cluster, install the certificate and then copy the private key via SCP. You then load the private key and certificate into the 2nd server.

To get the private key, log in to the server that has the installed certificate via SCP as root. The file is privkey.pem in /tandberg/persistent/certs/

-----Original Message-----
From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Hunter Fuller
Sent: Tuesday, August 2, 2022 1:37 PM
To: Lelio Fulgenzi <le...@uoguelph.ca>
Cc: Cisco VOIP <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] [External] Re: expressway E GoDaddy certificate

Since I just love being contrarian, we are running the same cert on both Expressway-E. It is not GoDaddy though. But feel free to take a look at how this works.
Our expe are vbhexpe.voip.uah.edu and libexpe.voip.uah.edu and I've also attached the cert to this email.

--
Hunter Fuller (they)
Router Jockey
VBH M-1C
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Network Engineering

On Tue, Aug 2, 2022 at 9:06 AM Lelio Fulgenzi <le...@uoguelph.ca> wrote:
>
> We've always been wary of wildcard and multi-SAN certs that preclude a
> certificate for each server. In our case, we have got a multi-SAN cert for
> each Expressway E (and C for that matter) which includes the server as the
> primary host, and the peer, cluster name and domain as a SAN.
>
> I'm lucky that our cert team has got a contract with good inventory, so a
> couple of extra multi-SAN certs isn't a big deal for us.
>
> At some point, we may consider moving the Expressways to Let's Encrypt. It's
> the only Cisco collab platform that supports it for now.
>
> From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Shaihan Jaffrey
> Sent: Tuesday, August 2, 2022 4:21 AM
> To: Cisco VOIP <cisco-voip@puck.nether.net>
> Subject: [cisco-voip] expressway E GoDaddy certificate
>
> What is the process to renew a public certificate on Expressway E through
> GoDaddy?
>
> Is one certificate sufficient for primary and secondary exp-e?
>
> Do we have to get certificates based on FQDN?
>
> Regards

_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
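
For the procedure described in the thread (one multi-SAN certificate, with privkey.pem copied from the first peer and loaded on the second), here is a pre-flight check run on an admin workstation; it is an added example, not something posted by anyone on the list or supplied by Cisco. It assumes OpenSSL 1.1.1 or later, and the script name, file names and FQDNs are placeholders.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on an admin workstation before loading a
# copied key/certificate pair onto a second cluster peer.
# Usage (file names and FQDNs are placeholders):
#   ./check_pair.sh server.pem privkey.pem expe1.example.test expe2.example.test

# Print the public key embedded in a certificate (PEM); fail if unreadable.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public key derived from a private key (PEM); fail if unreadable.
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    kc_cert=$(cert_pubkey "$1") || return 1
    kc_key=$(key_pubkey "$2") || return 1
    [ -n "$kc_cert" ] && [ "$kc_cert" = "$kc_key" ]
}

# Succeed only if every FQDN after the certificate path is a DNS SAN entry
# (exact, case-insensitive match; wildcard entries are not expanded).
san_covers() {
    sc_cert=$1; shift
    [ "$#" -gt 0 ] || return 1
    sc_sans=$(openssl x509 -in "$sc_cert" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//')
    for sc_name in "$@"; do
        printf '%s\n' "$sc_sans" | grep -qixF "DNS:$sc_name" || return 1
    done
}

# Run the checks only when invoked with arguments.
if [ "$#" -ge 3 ]; then
    cert=$1; key=$2; shift 2
    key_matches_cert "$cert" "$key" || { echo "key does not match certificate" >&2; exit 1; }
    san_covers "$cert" "$@" || { echo "SAN is missing a peer FQDN" >&2; exit 1; }
    echo "OK: key matches certificate; SAN covers: $*"
fi
```

Keep the copied privkey.pem readable only by your own account while it is off the appliance, and remove it once the second peer is loaded.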