Beginner

Unity Certificate not matching from GoDaddy

Hello, when I create a CSR for my Unity Publisher server, it looks like it automatically adds a SAN entry of my server's hostname instead of the FQDN. When I submit the CSR to GoDaddy, the cert comes back with a mismatch of the SAN entry and gives an error when trying to upload the cert that it does not match. Is there a way to remove the automatic SAN entry Unity is adding or somehow change that entry to the FQDN? I did reach out to GoDaddy and explain they are removing the SAN entry and adding the FQDN for both the CN and SAN. They said they would manually create the cert; I received it back and it still had the wrong SAN entry.

15 REPLIES
Collaborator

If your CSR is SAN, you need to get a SAN certificate or multi-domain certificate from GoDaddy. If it's SSL, the SAN entries will be removed.

Instead of a public CA, create an internal CA and sign the certificate, as these are internal servers.

==Please rate all useful posts and mark as answer if it solves your issue==

They were internal CA signed, but we implemented MRA using Expressway-C and Expressway-E for Jabber. When you connect with Jabber from a home user PC to our corporate network, they get a certificate warning message that the CA is not trusted. I was asked to fix this so the warning will not appear, and the only way I know how is to get a certificate signed by a trusted CA. Is there another way to suppress the certificate warning in Jabber?

I hope you are using a GoDaddy certificate for MRA and the scenario is MRA Jabber desktop. Root certificates of public CAs like DigiCert (a well-known public CA) will come preloaded with our operating system. The GoDaddy root CA will not be, so you need to install the GoDaddy root CA on the machine. If these machines are domain PCs, you can push the GoDaddy root CA using GPO and your PC will not give you a certificate warning. And I think the warning comes just once and not each time you log in.

==Please rate all useful posts and mark as answer if it solves your issue==

I'm using GoDaddy certificates for every server (Expressway-C, Expressway-E, CUCM) and trying with UC. The Jabber client is on desktop and smartphone. The certificates are working for every system but UC. Cisco for some reason automatically puts the hostname in the SAN entry in the CSR even though I enter the FQDN for the CN and leave the SAN box empty. Yes, the warning does only show up once, but my boss does not like the warning message and wants me to fix it. I really think Cisco needs to reprogram the CSR creation tool not to automatically add the hostname and just use the CN for certificate use.

The CSR is not created as a SAN but it automatically adds in a SAN entry. The SAN entry is empty but UC automatically adds the hostname as a SAN entry. When you decode the CSR you can see the hostname in SAN. Thanks everyone for replying back, I appreciate it.

Ask them to provide the certificate as per the CSR. We had similar issues and we moved to DigiCert. GoDaddy is cheap but their support and service is pathetic.

Make sure you have uploaded all root and chain certificates to trust before uploading the server certificate.

==Please rate all useful posts and mark as answer if it solves your issue==
Advocate

Fully agree with @Nithin Eluvathingal on this. There is no need to pay good money to have these certificates signed by a public CA. You're better off having them signed by an internal CA.

Please rate all useful posts

Unless you are using MRA Expressway-C and Expressway-E and your Jabber client is popping up certificate warnings when you try and connect to your voicemail. 

Agree fully, although you did ask about certificates in CUC. So not applicable for the question asked.

You do not need to have public signed certificates for these internal services. It's enough to have them signed by an internal CA and have the root CA and any intermediate CA certificates deployed in your clients' certificate trust store.

Please rate all useful posts

Yes, I asked about the certificate in CUC because my Jabber client is popping up certificate error messages when trying to connect to it internally or using MRA. I have certs on Expressway-C, Expressway-E and CUCM and they are all working correctly with no errors. It's only UC that is giving the error. I think Cisco needs to change the way CU creates its CSR and not automatically put in the hostname of the server, only the FQDN. This causes lots of frustration when trying to create the cert.

Hall of Fame Cisco Employee

[Image: CUC CSR.png]

What version is this? And how does the server show in the CN automatically? Hostname??? or FQDN???

As you can see in my lab, it populates the FQDN and my domain automatically, but in yours, I don't see a domain populated and the CN seems a bit short for being FQDN, I could be wrong.

There are 2 SAN entries in my lab certificate, the domain, and the FQDN from the CN.

HTH

java

if this helps, please rate

It's version 12.5.1.12900-56. It shows the CN automatically with just the hostname; it does not have a domain after it and it is not the FQDN. I have to manually type in the FQDN in the Common Name field. I wonder why yours is populating the FQDN and mine just populates the hostname.

Hall of Fame Cisco Employee

Post the output of: show network eth0

HTH

java

if this helps, please rate


The domain name was not set up on my server correctly. I ran the command set network domain mydomainname.com on both servers and rebooted. This then resolved my issue; I was able to process the CSR properly from GoDaddy. Thank you so much, Jaime Valencia, you led me to the correct solution. I wanted to thank everyone else for taking the time to reply and help me.
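
The decode step mentioned in this thread, as an added example that is not part of the original posts or any Cisco tooling: a shell check that decodes a CSR with openssl and flags DNS SAN entries that are bare hostnames, the condition seen here before the server's domain was set. It assumes OpenSSL 1.1.1 or later (for -addext); the function names and the cuc01.example.com sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: catch bare-hostname SAN entries in a CSR before it goes to a public CA.

# san_dns_names CSR -> one DNS SAN entry per line, as decoded by openssl
san_dns_names() {
    openssl req -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# short_san_names CSR -> DNS SAN entries that contain no dot (not an FQDN)
short_san_names() {
    san_dns_names "$1" | grep -v '\.' || true
}

# check_csr CSR -> exit 0 if every DNS SAN entry is dotted, 1 otherwise
check_csr() {
    short=$(short_san_names "$1")
    if [ -z "$short" ]; then
        echo "OK: all DNS SAN entries are FQDNs"
        return 0
    fi
    echo "MISMATCH RISK: bare hostname(s) in SAN: $(echo $short)"
    return 1
}

# make_csr OUT CN SAN -> throwaway CSR for testing (constructed data, not a real server)
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=$2" -addext "subjectAltName=$3" -out "$1" 2>/dev/null
}

# With a path argument, check that CSR; with none, run on a constructed sample
# that mimics a server whose domain is unset (hostname-only SAN, FQDN typed as CN).
if [ $# -gt 0 ]; then
    check_csr "$1"
else
    tmp=$(mktemp -d)
    make_csr "$tmp/bad.csr" cuc01.example.com "DNS:cuc01"
    check_csr "$tmp/bad.csr" || true
    rm -rf "$tmp"
fi
```

Run it against the CSR downloaded from the server before submitting; a non-zero exit means the network domain should be checked (show network eth0) and the CSR regenerated.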
