CUPS Calendaring with UCC SSL Cert

Unanswered Question
Sep 1st, 2009
User Badges:

My exchange server's ssl cert is a 5in1 UCC cert where the url of my mail server is one of the SANs and not the primay CN. Can CUPS deal with this? Is there a work around? The primary CN of this cert is used elsewhere so when i put in the url I want CUPS to use it complains and says SubjectCN mismatch and if try to correct it switches to the wrong url.

Thanks in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
htluo Tue, 09/01/2009 - 04:57
User Badges:
  • Red, 2250 points or more

It's not a CUPS-specific problem. CUPS just use standard SSL library to establish the connection.


Due to the specification of SSL, the requested destination has to match the certificate, either the subject name or the alternative name.


Maybe you can talk to your CA to put the Exchange into certificate as alternative name.


Again, this is product neutral. This is just the nature of the SSL.


Michael

http://htluo.blogspot.com

mloraditch Tue, 09/01/2009 - 04:58
User Badges:

Michael,

My exchange server URL is one of the alternate names on the cert.


Apologies if that wasn't clear.

Thanks!

htluo Tue, 09/01/2009 - 05:33
User Badges:
  • Red, 2250 points or more

On CUPS > Presence > Presence Gateway, did you use IP address or the FQDN of the Exchange? If the FQDN matches with the certificate's alternative name, it should work.


Michael

mloraditch Tue, 09/01/2009 - 05:36
User Badges:

Michael,

I am using the FQDN, for the Exchange SSL Verification I get subject CN mismatch? Can I ignore that warning? Or is something else going?

Thanks!

Actions

This Discussion