CUCM 10.5 - CSR/SAN issue

Scott Jones
Beginner

Just upgraded this past weekend to CUCM 10.5. Today, I'm trying to generate updated certs for the servers per our security policy. What I'm finding, though, is that the old way of adding additional SANs doesn't seem to work anymore. We use Active Directory's CA, and usually I would just populate the SANs in the additional attributes field. Doing that now, though, prevents the cert from being accepted at all. Using the multi-server option, it will only take SANs that have the FQDN, which is great, but we also use just the hostname to access servers as well...

Has anyone come across a good way to address this kind of issue?

4 Replies

Chris Deren
Hall of Fame Master

You need to include the SAN with your CSR; to do that, you need to add it via the "set web-security" CLI command.

Also, UC 10.X appliances support multi-server SAN certs, but do not allow IP addresses as SANs.

Thanks Chris.  I've tried that, and it's partially working.  Where I'm stuck is having just hostnames as well as FQDNs.  The TAC engineer I'm working with mentioned attaching a list of separate hostnames to the CSR request (doing a multi-server CSR).  I'm wondering, though, do I just attach the .txt file and generate the CSR or do I need to do anything else to make sure that it populates the hostnames in the text file as well as the automatically discovered ones?

Can you not add multiple SANs by separating them via comma when issuing "set web-security"?
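
A pre-submission check for the situation discussed in this thread, as an added example that is not from any poster or from Cisco: it lists the DNS SANs in a PEM CSR with `openssl req` and reports any required name that is absent, such as a short host name when only FQDNs made it into the request. The host names and function names are constructed for illustration, and the sample CSR is generated locally to stand in for one downloaded from the server.

```shell
# Added example; every host name here is a constructed placeholder.

# Print the DNS SAN entries of a PEM CSR, one per line.
csr_dns_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Print each required name missing from the CSR; return 1 if any is missing.
csr_missing_sans() {
    local csr="$1" present name rc=0
    shift
    present=$(csr_dns_sans "$csr")
    for name in "$@"; do
        if ! printf '%s\n' "$present" | grep -qixF -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# Build a throwaway CSR carrying the given DNS SANs (stands in for the
# CSR downloaded from the server; the first name is also used as CN).
make_sample_csr() {
    local out="$1" dir alt="" n
    shift
    dir=$(mktemp -d)
    for n in "$@"; do alt="${alt:+$alt,}DNS:$n"; done
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
CN = $1
[ext]
subjectAltName = $alt
EOF
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
        -config "$dir/req.cnf" -out "$out" 2>/dev/null
    rm -rf "$dir"
}

# Demo: the FQDN is present, the short host name was left out.
csr=$(mktemp); make_sample_csr "$csr" cucm-pub.example.com cucm-sub.example.com
csr_missing_sans "$csr" cucm-pub.example.com cucm-pub || echo "^ missing from CSR"
rm -f "$csr"
```

The match is on the whole SAN entry, so an FQDN in the CSR does not satisfy a requirement for the bare host name.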