Expressway B2B TLS Certificates

Expressway used to include all Public Root CA Certificates; as of X8.7 this was removed.

So back in the day, with Open Video Federation (B2B), we were able to use TLS between different companies with Public Signed Certificates.

Today this is not possible; the same scenario cannot use TLS, only TCP/UDP works.

Why did Cisco remove the Public Root CA?

Accepted Solutions

Jonathan Schulenberg
Hall of Fame
Someone overreacted to the CAs that have been compromised/revoked in the last few years and didn’t want to be liable for keeping the CA list current on every Expressway/VCS out there. I half-understand this since it would have required a PSIRT disclosure and whatnot but my opinion is that Cisco overreacted. There has been some discussion of providing the list of PEM certificates as an additional download on CCO as a compromise; however, that hasn’t been committed and it definitely won’t be built-in again. In the meantime, you’re welcome to create and maintain your own list. It’s not that you can’t install them, only that Cisco didn’t pre-load them for you.

Disclaimer: This is my understanding; however, I am not a Cisco employee and cannot provide an authoritative answer.
