09-19-2016 06:39 AM - edited 03-19-2019 11:36 AM
Hi,
I have an UCM/IM&P 11.5.1.10000 cluster and the customer is signing all the required servers/services with their Corporate CA. I am submitting the CSRs to the customer as Multi-SAN certificates.
The customer is unable to sign certificates with a SAN that is not an actual server ie "domain.com" - it has to be server01.domain.com
When creating the CSRs on 11.5 on UCM,IM&P,CUC it autopopulates the top level domain as a SAN though you can remove it on all..... except for the cup-xmpp request.
Anyone know
1. Is the presence domain required to be a SAN for the cup-xmpp service to function?
2. If not is there anyway to remove it?
Thanks
Solved! Go to Solution.
09-19-2016 01:35 PM
Yes, that is required to be there
The client identifies XMPP certificates with the XMPP domain, rather than with the FQDN. The XMPP certificates must contain the XMPP domain in an identifier field.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html
09-19-2016 01:35 PM
Yes, that is required to be there
The client identifies XMPP certificates with the XMPP domain, rather than with the FQDN. The XMPP certificates must contain the XMPP domain in an identifier field.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html
09-20-2016 04:19 AM
Thanks Jaime!
It's easy when you find the right doc :-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide