CUCM certificate requests with an IP as the Subject Alternative Name (SAN)

If you have ever created a Certificate Signing Request using CUCM, you may have noticed a lack of setting an IP as a SAN.  A simple solution to this if you are dealing with a Microsoft Certificate Server is to fill out the additional attributes text field. However, by default prior to doing this you will need to open up an Administrator command prompt and issue the following command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Now restart your certificate services under the AD CA management pane.

Finally, you simply need to add the following:

san:dns=<hostname>&dns=<fqdn>&ipaddress=<ip address>

Although this may seem like a trivial thing, you will cause errors in most modern browsers due to not having a correct SAN in the certificate. This allows you to override even improperly generated requests lacking a SAN.  But by default Microsoft Server CA doesn't even generate Certificates with a SAN from the CUCM CSR's.  As always, remember that you need your CA to be in the computer's certificate store for trust to be established.

Lastly, make sure you restart your Tomcat service via the CLI by entering:

utils service restart Cisco Tomcat

Comments

Post a Comment

Popular posts from this blog

Cloudflare Calls API to SIP broker

Update: Given the amount of time I sacrifice to game development outside of collaboration work, my site has become defunct. Cloudflare has a calls beta. My intention is to create a SIP to API broker for the CMS and try to get their CDN working with it's anycast to beat out GeoDNS solutions. I will probably post more about this later here, however, don't expect me to be overly timely on it. Also, why is the Cisco Meeting Server doesn't grey out UI items that have been configured in the API so people don't make mistakes and cause conflicts? Why is it that Cisco doesn't publish the methodology by which all cospaces are assigned to callbridges/nodes at the time of build. I have many questions for many things that don't make sense these days and a lot of rants, but I will save those for some knowledge drops in the future. Take care everyone!
Read more

Replacing default paste behavior in Windows 11

Clipboard URL Shortener Implementation Guide Clipboard URL Shortener Implementation Guide Powershell Script This PowerShell script checks the clipboard for a YouTube URL. If it finds one, it converts it to a shortened youtu.be URL and updates the clipboard with this new URL. Add-Type -AssemblyName System.Windows.Forms $clipboardText = Get-Clipboard if ($clipboardText -match 'https://(www\.|music\.)?youtube\.com/watch\?v=([a-zA-Z0-9_-]+)') { $videoID = $matches[2] $shortUrl = "https://youtu.be/$videoID" Set-Clipboard -Value $shortUrl # Update the clipboard with the shortened URL } else { Set-Clipboard -Value $clipboardText # Retain the original clipboard text if it's not a YouTube URL } AutoHotkey Script This AutoHotkey script intercepts the Ctrl+V keystroke to execute the PowerShell script and then perform a paste ope...
Read more

Well... chatGPT, collab, automation, monolithic code and bad APIs

Let's just be honest about the state of things from an automation standpoint: import pandas as pd import re # Variable Definitions template_file_name = 'phonebuttontemplate.csv' device_file_name = 'deviceprofile.csv' modified_device_file_name = 'deviceprofile_modified.csv' replacement_value = 'DELETED' end_column_number = 89 print_line_counts = False  # Flag this if you encounter issues and want to print the Line count for each row in the template csv first_column_name = 'Device Profile Name' # Read phonebuttontemplate.csv print("Reading phonebuttontemplate.csv...") template_df = pd.read_csv(template_file_name) # Store header row header_row_template = list(template_df.columns) # Initialize a dictionary to store the values template_dict = {} # Loop through the DataFrame rows for _, row in template_df.iterrows():     name = row.get('NAME', None)     # Check if the row has a NAME and is not empty     if pd.notna(name):         ...
Read more