cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1031
Views
25
Helpful
5
Replies

Significance of adding parent domain as a SAN in UC Certificates

osmannayeem
Beginner
Beginner

For all UC application, Cisco always auto-populates parent domain while generating CSRs. Can anyone please help me to understand the exact benefit of having this parent domain? What are the use cases? What if we remove parent domain and keep only server SAN while generating CSRs?

1 Accepted Solution

Accepted Solutions

Whatever that is automatically added should stay. It’s as simple as that. The things I would recommend to remove is for IMP if there would be other domains than yours that shows up. This can be the case based on directory synchronisation with users that have a non corporate email address.

Not from the top of my head I can’t come up with a use for this in combination with CCX.



Response Signature


View solution in original post

5 Replies 5

Roger Kallberg
VIP Expert VIP Expert
VIP Expert

For example it is used for Jabber clients to not through the warning for certificates at login/connection. Let me turn the question back to you, for what reason do you want to remove it?



Response Signature


osmannayeem
Beginner
Beginner

good point, thank you! I forgot about certificate warning during Jabber login. So I was updating tomcat cert of our ccx servers. Parent domain always auto-populated by CSR generation prompt, I never give it a thought about the specific purpose. But this time our security team want to know the reason behind adding a parent domain before approving my cert signing request with external CA.

 

Can you think of any particular usage of it in CCX?

Whatever that is automatically added should stay. It’s as simple as that. The things I would recommend to remove is for IMP if there would be other domains than yours that shows up. This can be the case based on directory synchronisation with users that have a non corporate email address.

Not from the top of my head I can’t come up with a use for this in combination with CCX.



Response Signature


Maybe it's still XMPP/BOSH for desktop chat and agent presence?

AFAIK Some deployments rely on SANs to implement TLS connections to other Cisco or third-party infrastructure

 

Why do you want the certificates to be signed by a public CA ? Those certs can be signed by your internal CA. 

 

Parent Domain Field is not a  mandatory filed while generating  CSR. Below mentioned will be the CSR output When choosing blank and with parent domain. 

When it comes to Public CA, the cost will be based on the SAN filed entries. 

 

Screenshot 2021-08-13 at 6.11.04 PM.pngScreenshot 2021-08-13 at 6.12.14 PM.png

Based on below Guide, IF you have an issue with CSR and uploaded Certificate, its recommended to go with Blank  parent CA.

https://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/118855-configure-uccx-00.html

Screenshot 2021-08-13 at 6.16.45 PM.png

 

 



Response Signature


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers