05-28-2021 05:47 AM
Hi all,
Just wondering if anyone has deployed certs for CUCM Tomcat, Callmanager, IMP XMPP & Unity Tomcat that are signed by an internal CA and have a validity longer than the new 396-day standard.
Have a customer who uses Jabber and has all the above signed with a 4-year validity. They are about to expire, and they want to renew them for another 4 years, but I believe all the latest browsers won't like that.
I'm thinking that browsing to the Admin or CUCM User portal might give users a browser warning, but would it actually affect Jabber logins or functioning? They don't use SSO but do use MRA...
Thanks
05-28-2021 06:26 AM
Your iPhones, Android, laptops won't trust the internal certs until you upload the root CA to those devices, which we normally don't do. So you can expect the cert warning when connecting even if it's one year or three years. The one-year certificate validity requirement was introduced by Apple, so all public CA certs are for just one year.
05-28-2021 06:35 AM
Hi,
Yes, the PKI trust chain for the internal CA is already pushed out to all devices and the existing certs have been fine for the last 4 years. I just know that all the major browsers now have this requirement as of September last year... but is it only for public CAs? I thought it would be for all CAs.
Thanks
05-28-2021 06:47 AM
My lab certificates are valid for 15 years, I just installed new certs on a CUCM 14 a couple weeks ago with my internal CA and neither Chrome nor FF have any complaints, both running whatever is the latest version right now.
05-28-2021 06:48 AM
Thanks. That's what I needed to hear!
05-28-2021 03:55 PM
Awesome Jaime - I wondered if the SSO browser pop would require the E cert to be compliant. In a full external IdP deployment, good to know we can use an internal CA.