Re: CUPS Calendaring with UCC SSL Cert

mloraditch · ‎09-01-2009

My exchange server's ssl cert is a 5in1 UCC cert where the url of my mail server is one of the SANs and not the primay CN. Can CUPS deal with this? Is there a work around? The primary CN of this cert is used elsewhere so when i put in the url I want CUPS to use it complains and says SubjectCN mismatch and if try to correct it switches to the wrong url.

Thanks in advance!

htluo · ‎09-01-2009

It's not a CUPS-specific problem. CUPS just use standard SSL library to establish the connection.

Due to the specification of SSL, the requested destination has to match the certificate, either the subject name or the alternative name.

Maybe you can talk to your CA to put the Exchange into certificate as alternative name.

Again, this is product neutral. This is just the nature of the SSL.

Michael

http://htluo.blogspot.com

mloraditch · ‎09-01-2009

Michael,

My exchange server URL is one of the alternate names on the cert.

Apologies if that wasn't clear.

Thanks!

htluo · ‎09-01-2009

On CUPS > Presence > Presence Gateway, did you use IP address or the FQDN of the Exchange? If the FQDN matches with the certificate's alternative name, it should work.

Michael

mloraditch · ‎09-01-2009

Michael,

I am using the FQDN, for the Exchange SSL Verification I get subject CN mismatch? Can I ignore that warning? Or is something else going?

Thanks!