CUPS - Enabling DNS for Certificates to support E2K7

Answered Question
Nov 20th, 2009
User Badges:

Hi - We have been having some issues with our customer's E2K7 / W2K8 calendaring integration with CUPS 7.0.4.  It looks as though E2K7 installs a self signed cert in it's store as part of the install for client email access.  This cert CN, however, is based on the DNS name (e.g. E2K7) and not IP and we do not have DNS client enabled on our CUPS server (all UC comms is usig IP addresses).  My question is, what is the best way to get CUPS to resolve the E2K7 fqdn (e.g. E2K7.CISCO.COM) ?  Can we run the "utils network host" command and specifiy the fqdn, or do we need to use the "set network dns" as the internal nameservers and "set network domain" as the suffix (e.g CISCO.COM).  Also - would these commands have any impact on the CUCM connectivity / SIP Domain etc?


thanks in advance

Brian

Correct Answer by htluo about 7 years 8 months ago

You need DNS for this integration.  It is because CUPS can only talks with Exchange via SSL.  And SSL requires the request URL match with the CN in the certificate.


As an (unusual) workaround, you may regnerate the Exchange certificate with IP address in subject name.


Michael

http://htluo.blogspot.com

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
btmulgrew Fri, 11/20/2009 - 12:39
User Badges:

Thanks Michael - i was wondering what the best way to enable DNS on CUPS is and if it will impact other components such as the SIP domain / CUCM?



thks

htluo Fri, 11/20/2009 - 13:32
User Badges:
  • Red, 2250 points or more

You may use the command "set network dns primary".  It won't affect the function with CUCM.


Regards,

Michael

btmulgrew Mon, 11/23/2009 - 14:55
User Badges:

Hi Michael - apologies for being so pedantic here; I have configured the DNS as suggested and can resolve the E2K7 FQDN, but the cert CN is referred to as a hostname only. Is the only way to have CUPS assign the suffix to the hostname to use the "set network domain" command?  I am wary of running this due to the warning that appears and concerns of impact again on SIP domain settings.  We are running a single CUPS server.


thanks again

Brian

Correct Answer
htluo Fri, 11/20/2009 - 12:29
User Badges:
  • Red, 2250 points or more

You need DNS for this integration.  It is because CUPS can only talks with Exchange via SSL.  And SSL requires the request URL match with the CN in the certificate.


As an (unusual) workaround, you may regnerate the Exchange certificate with IP address in subject name.


Michael

http://htluo.blogspot.com

Actions

This Discussion

Related Content