CUPS - Enabling DNS for Certificates to support E2K7

Answered Question
Nov 20th, 2009

Hi - We have been having some issues with our customer's E2K7 / W2K8 calendaring integration with CUPS 7.0.4.  It looks as though E2K7 installs a self signed cert in it's store as part of the install for client email access.  This cert CN, however, is based on the DNS name (e.g. E2K7) and not IP and we do not have DNS client enabled on our CUPS server (all UC comms is usig IP addresses).  My question is, what is the best way to get CUPS to resolve the E2K7 fqdn (e.g. E2K7.CISCO.COM) ?  Can we run the "utils network host" command and specifiy the fqdn, or do we need to use the "set network dns" as the internal nameservers and "set network domain" as the suffix (e.g CISCO.COM).  Also - would these commands have any impact on the CUCM connectivity / SIP Domain etc?

thanks in advance

Brian

I have this problem too.
0 votes
Correct Answer by htluo about 7 years 2 months ago

You need DNS for this integration.  It is because CUPS can only talks with Exchange via SSL.  And SSL requires the request URL match with the CN in the certificate.

As an (unusual) workaround, you may regnerate the Exchange certificate with IP address in subject name.

Michael

http://htluo.blogspot.com

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
btmulgrew Fri, 11/20/2009 - 12:39

Thanks Michael - i was wondering what the best way to enable DNS on CUPS is and if it will impact other components such as the SIP domain / CUCM?

thks

htluo Fri, 11/20/2009 - 13:32

You may use the command "set network dns primary".  It won't affect the function with CUCM.

Regards,

Michael

btmulgrew Mon, 11/23/2009 - 14:55

Hi Michael - apologies for being so pedantic here; I have configured the DNS as suggested and can resolve the E2K7 FQDN, but the cert CN is referred to as a hostname only. Is the only way to have CUPS assign the suffix to the hostname to use the "set network domain" command?  I am wary of running this due to the warning that appears and concerns of impact again on SIP domain settings.  We are running a single CUPS server.

thanks again

Brian

Correct Answer
htluo Fri, 11/20/2009 - 12:29

You need DNS for this integration.  It is because CUPS can only talks with Exchange via SSL.  And SSL requires the request URL match with the CN in the certificate.

As an (unusual) workaround, you may regnerate the Exchange certificate with IP address in subject name.

Michael

http://htluo.blogspot.com

Actions

This Discussion

Related Content