Re: [cisco-voip] let's encrypt for local admin gui pages

2017-09-27 Thread Doug McIntyre
On Wed, Sep 27, 2017 at 02:31:12PM +, Lelio Fulgenzi wrote:
> The hardest part was finding some decent instructions on how to do so. 
> Apparently, when a private signed certificate is generated and granted it's 
> available for download from the link presented during the process and there's 
> no easy way to find an inventory of generated certificates!


The Windows CA service implements access via several different methods:
a web portal, a command line option, and an API. Machines in a Windows AD
can request services from the CA server via whatever way.

Since there are several ways of doing things in Windows, it all
depends on what you are doing, as to what the instructions are.

If you are doing things by hand, typically you would be using the web
portal.  I find the easiest workflow for me is to have a secure area
set aside to store all the stuff going in and out. My process
typically has the keypair and certificate signer request being done by
hand with OpenSSL, although you can use certtool if you really want.
Then I pass the CSR into the Windows CA and get back the signed response,
saving each part along the way rather than being on the fly. 

It should be noted the CA server never stores private key-pairs itself, and
basically is really as it says, it signs the request and hands it back to you.
If you lose the private key, you can't recover it from the CA. If you let the
web portal have your web browser generate a key-pair and CSR, then you are
going to have to go dig that information out of wherever your web browser
stashed it (different for every single one). It's best to start with you
generating it specifically and stashing the files securely where you can access
them.

You can easily see all the Issued Certificates from the Certificate
Authority MMC plugin (e.g. under Issued Certificates). There are command
line tools to do this as well. Typically, you'll have many certs, all in
various states, so it's not like there is a master inventory here which is
what you seem to imply on wanting to find.

The CA server is just a signer.  In the Enterprise, you get all your
workstations to trust your CA, you submit a cert req to the signer CA,
it signs it, so then all your workstations trust your new cert.


___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
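
The by-hand workflow described in the message above, as an added example (not part of the original post or the poster's own commands): generate the key pair and CSR with OpenSSL in an owner-only directory, then check that the signed certificate the CA returns matches the stored key. The file naming and the host name passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: the directory
# and hostname passed in, and the file naming FQDN.key / FQDN.csr / FQDN.cnf.

# make_csr DIR FQDN: create a private working directory, then generate the
# key pair and CSR there so both exist as files you control.
make_csr() {
    dir=$1; fqdn=$2
    (
        umask 077                       # directory and key readable by owner only
        mkdir -p "$dir" || exit 1
        cat > "$dir/$fqdn.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $fqdn
[ext]
subjectAltName = DNS:$fqdn
EOF
        openssl genrsa -out "$dir/$fqdn.key" 2048 2>/dev/null || exit 1
        openssl req -new -config "$dir/$fqdn.cnf" \
            -key "$dir/$fqdn.key" -out "$dir/$fqdn.csr"
    )
}

# SHA-256 of the DER-encoded public key read as PEM on stdin.
_fp() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }

key_fp()  { openssl pkey -in "$1" -pubout | _fp; }
csr_fp()  { openssl req  -in "$1" -noout -pubkey | _fp; }
cert_fp() { openssl x509 -in "$1" -noout -pubkey | _fp; }

# cert_matches_key CERT KEY: run this on the signed response from the CA
# before installing it; it succeeds only if the certificate carries the
# public half of the key you stored.
cert_matches_key() { [ "$(cert_fp "$1")" = "$(key_fp "$2")" ]; }

# Usage: sh make_csr.sh /secure/area host.example.internal
if [ $# -eq 2 ]; then make_csr "$1" "$2"; fi
```

Only the `.csr` file is submitted to the CA; the `.key` file stays in the working directory.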


Re: [cisco-voip] let's encrypt for local admin gui pages

2017-09-27 Thread Doug McIntyre
On Wed, Sep 27, 2017 at 04:07:53PM +0800, Ki Wi wrote:
> technically it can be done but it's too troublesome. Without "auto" update,
> you will have to go manual which is to create special DNS (TXT record)
> entry for each URL during the renewal.


DNS authorization of Let's Encrypt can be done through automated
methods, especially with a client such as dehydrated and the use of
dynamic DNS updates (through ddns methods of nsupdate, or through the
API of your DNS provider).

Not sure how easily the SSL cert can be rotated on the appliance
devices though.
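
The automated DNS authorization mentioned in the message above, as an added example (not part of the original post): a hook script for dehydrated that publishes and removes the `_acme-challenge` TXT record with nsupdate. The server name, TSIG key path and TTL are placeholder assumptions.

```shell
#!/bin/sh
# Added example hook for dehydrated's dns-01 challenge (not from the post).
# Assumptions: DNS_SERVER, TSIG_KEY and TTL are placeholders for your zone's
# primary server and a TSIG key allowed to update _acme-challenge records.
DNS_SERVER=${DNS_SERVER:-ns1.example.internal}
TSIG_KEY=${TSIG_KEY:-/etc/dehydrated/acme-update.key}
TTL=${TTL:-60}

# nsupdate_script add|delete DOMAIN TOKEN_VALUE
# Prints the nsupdate commands; rejects values that could smuggle extra
# commands into the update stream.
nsupdate_script() {
    action=$1; domain=$2; token=$3
    case $action in add|delete) ;; *) return 1 ;; esac
    case $domain in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $token  in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    echo "server $DNS_SERVER"
    if [ "$action" = add ]; then
        echo "update add _acme-challenge.$domain. $TTL IN TXT \"$token\""
    else
        echo "update delete _acme-challenge.$domain. TXT \"$token\""
    fi
    echo send
}

# dehydrated invokes the hook as: HOOK <operation> <args...>
# deploy_challenge and clean_challenge receive DOMAIN TOKEN_FILENAME TOKEN_VALUE.
hook() {
    case ${1:-} in
        deploy_challenge) action=add ;;
        clean_challenge)  action=delete ;;
        *) return 0 ;;   # other operations (deploy_cert, ...) are site-specific
    esac
    cmds=$(nsupdate_script "$action" "$2" "$4") || return 1
    printf '%s\n' "$cmds" | nsupdate -k "$TSIG_KEY"
}

hook "$@"
```

Installing the renewed certificate on the appliance would belong in the `deploy_cert` operation, which this hook leaves untouched.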


Re: [cisco-voip] DS3 voice delivery?

2016-06-08 Thread Doug McIntyre
No, the NM-1T3/E3 is a data only part, packet over T3. 

Cisco did used to have a product, the VGD-1T3 that did just that,
which looked like it was mostly a rebranded AS5200 with the T3 interface
and pushed to voice instead of modems. But it is discontinued, probably
because they only sold a handful. 

The M13 MUX to VWIC card solution is probably the best solution still.


On Wed, Jun 08, 2016 at 12:45:09PM -0400, Lelio Fulgenzi wrote:
> There's this... 
> 
> http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/2600-3600-3700-series-t3-e3-network-module/product_data_sheet09186a008010fba2.html
>  
> 
> But in CUCM v9.1, I don't see it as a pull down option in a 3900 series 
> gateway configuration. 
> 
> So, not sure it's supported for voice. 
> 
> --- 
> Lelio Fulgenzi, B.A. 
> Senior Analyst, Network Infrastructure 
> Computing and Communications Services (CCS) 
> University of Guelph 
> 
> 519‐824‐4120 Ext 56354 
> le...@uoguelph.ca 
> www.uoguelph.ca/ccs 
> Room 037, Animal Science and Nutrition Building 
> Guelph, Ontario, N1G 2W1 
> 
> - Original Message -
> 
> From: "Nick Barnett"  
> To: "Cisco VoIP Group"  
> Sent: Wednesday, June 8, 2016 9:51:15 AM 
> Subject: [cisco-voip] DS3 voice delivery? 
> 
> So, we have an old MUX that died. We have to either replace the MUX or use 
> something else. Is it possible to use a DS3 SM on an ISR to terminate the 
> DS3? Right now, we have a DS3 that hits a mux and breaks out to 28 PRIs... 
> those PRIs go into a plethora of VWIC interfaces on a SIP router. Would it be 
> possible to get another module for this router that lets us plug the coax in 
> and skip all of this VWIC/MUX business? 
> 
> Thanks, 
> Nick 
> 


Re: [cisco-voip] Expressway 8.5 is out

2014-12-19 Thread Doug McIntyre
On Fri, Dec 19, 2014 at 11:45:54AM -0500, Lelio Fulgenzi wrote:
> Are contact pictures a common thing in enterprises? I can't imagine the
> headache it is to maintain those things. We have almost 4000 staff, and
> having to manage pictures for them all would be daunting to say the least.

No, not really. Manageability is a concern as you state.

> Are there applications out there that help people submit/manage their avatar?
> I'm guessing there would need to be some policies around what people can
> wear, etc. as well as a final 'approval' stage so people like me don't submit
> Bubbles as their avatar.

But, avatar setup is pretty widespread. Gravatar.com seems to be the most
used one I've run across.
