Thanks Stefan for the pointer. There isn't a /etc/ssl/openssl.cnf on the Centos7 box. There is a /etc/pki/tls/openssl.cnf, but there's no MinProtocol or CipherString defined there. I installed corebot (for Letsencrypt auto renewal) thru snap. The openssl.cnf that comes with snap (under /var/lib/snapd/snap/core/current/etc/ssl) is pretty similar to the one under /etc/pki/tls, in both lacking MinProtocol and CipherString definitions.
[root@voip1 ~]# openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 if it helps with anything. Thanks, --Ruisheng On Fri, Jan 29, 2021 at 5:55 AM Stefan Tichy <asteri...@pi4tel.de> wrote: > On Tue, Jan 26, 2021 at 10:12:22AM -1000, Ruisheng Peng wrote: > > > The self-sign asterisk.crt: > > I saved that file in "x.crt". > > openssl x509 -in x.crt -noout -text > > .... > RSA Public-Key: (1024 bit) > .... > > > > > and Letsencrypt cert.pem: > > I saved that file in "y.crt". > > openssl x509 -in y.crt -noout -enddate > notAfter=Jan 29 01:24:25 2021 GMT > > > > There were a few mentions of this problem on the web, and one said > changing > > the security mode of the certs to 755 fixed his problem. > > That makes no sense. > > > > Which version of openssl ist used on that CentOS7 box ? > > In "/etc/ssl/openssl.cnf" you find something like this: > > MinProtocol = TLSv1.2 > CipherString = DEFAULT@SECLEVEL=2 > > You could set the level to "1" or even to "0" and restart Asterisk. > > > -- > Stefan Tichy > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users