Expressway B2B TLS Certificates

Expressway used to include all Public Root CA Certificates; as of X8.7 this was removed.

So back in the day, for Open Video Federation (B2B), we were able to use TLS between different companies with Public Signed Certificates.

Today this is not possible; the same scenario cannot use TLS, only TCP/UDP works.

 

Why did Cisco remove the Public Root CA?


Re: Expressway B2B TLS Certificates

Someone overreacted to the CAs that have been compromised/revoked in the last few years and didn’t want to be liable for keeping the CA list current on every Expressway/VCS out there. I half-understand this since it would have required a PSIRT disclosure and whatnot but my opinion is that Cisco overreacted. There has been some discussion of providing the list of PEM certificates as an additional download on CCO as a compromise; however, that hasn’t been committed and it definitely won’t be built-in again. In the meantime, you’re welcome to create and maintain your own list. It’s not that you can’t install them, only that Cisco didn’t pre-load them for you.

Disclaimer: This is my understanding; however, I am not a Cisco employee and cannot provide an authoritative answer.
