Re: [sipx-users] Generate CSR Question

2012-04-23 Thread Josh Patten 
In addition to doing this you should also add these chain certificates to
the web certificate you upload to sipxconfig. This is so that the full
certificate chain can be loaded and presented to browsers. To do this
simply add the intermediate certificate chains to the beginning of the web
SSL cert like so:

-BEGIN CERTIFICATE-
intermediate-cert-text-goes-here
-END CERTIFICATE-
-BEGIN CERTIFICATE-
2nd-intermediate-cert-text-goes-here
-END CERTIFICATE-
-BEGIN CERTIFICATE-
3rd-intermediate-cert-text-goes-here
-END CERTIFICATE-
-BEGIN CERTIFICATE-
SSL-cert-text-goes-here
-END CERTIFICATE-

On Fri, Apr 20, 2012 at 4:09 PM, Robert Schroeder <
robert.schroe...@memberfirstmortgage.com> wrote:

> I also had to drop the Certificate Authorities CRT files for GoDaddy of
> gd-class2-root.crt, gd_intermediate.crt & gdroot-g2.crt into the(
>  /etc/sipxpbx/ssl/authorities ) directory. I restarted the sipxecs service
> and then proceeded to add the web certificate downloaded from GoDaddy.
>
> ** **
>
> sipXecs System/Certificate Authorities area would not allow me to add the
> CA CRT files for GoDaddy via the web administration portal. That is why I
> published the above information.
>
> ** **
>
> Thanks everyone…
>
> ** **
>
> *From:* sipx-users-boun...@list.sipfoundry.org [mailto:
> sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Robert Schroeder
> *Sent:* Friday, April 20, 2012 4:50 PM
> *To:* sipx-users@list.sipfoundry.org
>
> *Subject:* Re: [sipx-users] Generate CSR Question
>
> ** **
>
> Yeps, no luck in the search.
>
> ** **
>
> However Jim Nolen of IIPS was a great help and gave me the following
> information to solve the problem.
>
> ** **
>
> Edit: /usr/bin/ssl-cert/gen-ssl-keys.sh:
>
> ServerKeyBits=1024[change to 2048]
>
> ** **
>
> If I knew how to add this info to the wiki I would. Perhaps a feature
> could be added to ask the user hitting the generate button if they would
> like a 1024, 2048 or 4096 CSR.
>
> ** **
>
> Thanks Mr. Nolen for the help (Smiles)
>
> ** **
>
> *From:* sipx-users-boun...@list.sipfoundry.org [mailto:
> sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Michael Picher
> *Sent:* Friday, April 20, 2012 4:35 PM
> *To:* Discussion list for users of sipXecs software
> *Subject:* Re: [sipx-users] Generate CSR Question
>
> ** **
>
> did you check the wiki?
>
> On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder <
> robert.schroe...@memberfirstmortgage.com> wrote:
>
> How do I change the configuration for the certificates area to generate a
> 2048 bit key instead of a 1024? I have changed the openssl.cnf file in
> /etc/pki/tls/ location and selected the generate button and still no 2048
> key is generated.
>
>  
>
> I am sure this is an educational issue on my part.
>
>  
>
> Yes I have searched the wiki site.
>
>  
>
> Thanks everyone,
>
>  
>
> Rob
>
> ** **
> --
>
>
> NOTICE: This electronic mail message and any content within it are intended 
> exclusively for the individual(s) or
>
> entities to which it is addressed. The message, together with any attachments 
> and all other content, may contain
>
> confidential and/or privileged information. Any unauthorized review, use, 
> print, save, copy, disclosure or distribution
>
> is strictly prohibited. If you have received this message in error, please 
> immediately advise the sender by reply email
> and delete all copies.
>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
>
>
> 
>
> ** **
>
> --
> Michael Picher, Director of Technical Services
> eZuce, Inc.
>
> 300 Brickstone Square
>
> Suite 201
>
> Andover, MA. 01810
>
> O.978-296-1005 X2015
> M.207-956-0262
> @mpicher <http://twitter.com/mpicher>
> www.ezuce.com
>
> ** **
>
>
> 
> 
>
> There are 10 kinds of people in the world, those who understand binary and
> those who don't.
>
> ** **
>
> ** **
> --
>
>
> NOTICE: This electronic mail message and any content within it are intended 
> exclusively for the individual(s) or
>
> entities to which it is addressed. The message, together with any attachments 
> and all other content, may c

Re: [sipx-users] Generate CSR Question

2012-04-20 Thread Tony Graziano 
It is on the tracker. I think the GUI needs to be adjusted to allow it. I
also know 4.6 has major cert rework, maybe it can be posted to the dev list
whether it is being addressed in 4.6 or not.

http://track.sipfoundry.org/browse/XX-9390

All of the above (intermediate and changing the script to 2048 bits is on
the mailing list. It should be on the wiki AND in the JIRA though.

It's not like its someones secret sauce or anything.

On Fri, Apr 20, 2012 at 5:09 PM, Robert Schroeder <
robert.schroe...@memberfirstmortgage.com> wrote:

> I also had to drop the Certificate Authorities CRT files for GoDaddy of
> gd-class2-root.crt, gd_intermediate.crt & gdroot-g2.crt into the(
>  /etc/sipxpbx/ssl/authorities ) directory. I restarted the sipxecs service
> and then proceeded to add the web certificate downloaded from GoDaddy.
>
> ** **
>
> sipXecs System/Certificate Authorities area would not allow me to add the
> CA CRT files for GoDaddy via the web administration portal. That is why I
> published the above information.
>
> ** **
>
> Thanks everyone…
>
> ** **
>
> *From:* sipx-users-boun...@list.sipfoundry.org [mailto:
> sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Robert Schroeder
> *Sent:* Friday, April 20, 2012 4:50 PM
> *To:* sipx-users@list.sipfoundry.org
>
> *Subject:* Re: [sipx-users] Generate CSR Question
>
> ** **
>
> Yeps, no luck in the search.
>
> ** **
>
> However Jim Nolen of IIPS was a great help and gave me the following
> information to solve the problem.
>
> ** **
>
> Edit: /usr/bin/ssl-cert/gen-ssl-keys.sh:
>
> ServerKeyBits=1024[change to 2048]
>
> ** **
>
> If I knew how to add this info to the wiki I would. Perhaps a feature
> could be added to ask the user hitting the generate button if they would
> like a 1024, 2048 or 4096 CSR.
>
> ** **
>
> Thanks Mr. Nolen for the help (Smiles)
>
> ** **
>
> *From:* sipx-users-boun...@list.sipfoundry.org [mailto:
> sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Michael Picher
> *Sent:* Friday, April 20, 2012 4:35 PM
> *To:* Discussion list for users of sipXecs software
> *Subject:* Re: [sipx-users] Generate CSR Question
>
> ** **
>
> did you check the wiki?
>
> On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder <
> robert.schroe...@memberfirstmortgage.com> wrote:
>
> How do I change the configuration for the certificates area to generate a
> 2048 bit key instead of a 1024? I have changed the openssl.cnf file in
> /etc/pki/tls/ location and selected the generate button and still no 2048
> key is generated.
>
>  
>
> I am sure this is an educational issue on my part.
>
>  
>
> Yes I have searched the wiki site.
>
>  
>
> Thanks everyone,
>
>  
>
> Rob
>
> ** **
> --
>
>
> NOTICE: This electronic mail message and any content within it are intended 
> exclusively for the individual(s) or
>
> entities to which it is addressed. The message, together with any attachments 
> and all other content, may contain
>
> confidential and/or privileged information. Any unauthorized review, use, 
> print, save, copy, disclosure or distribution
>
> is strictly prohibited. If you have received this message in error, please 
> immediately advise the sender by reply email
> and delete all copies.
>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
>
>
> 
>
> ** **
>
> --
> Michael Picher, Director of Technical Services
> eZuce, Inc.
>
> 300 Brickstone Square
>
> Suite 201
>
> Andover, MA. 01810
>
> O.978-296-1005 X2015
> M.207-956-0262
> @mpicher <http://twitter.com/mpicher>
> www.ezuce.com
>
> ** **
>
>
> 
> 
>
> There are 10 kinds of people in the world, those who understand binary and
> those who don't.
>
> ** **
>
> ** **
> --
>
>
> NOTICE: This electronic mail message and any content within it are intended 
> exclusively for the individual(s) or
>
> entities to which it is addressed. The message, together with any attachments 
> and all other content, may contain
>
> confidential and/or privileged information. Any unauthorized review, use, 
> print, save, copy, disclosure or distribution
>
> is strictly prohibited. If you have received this message in

Re: [sipx-users] Generate CSR Question

2012-04-20 Thread Robert Schroeder 
I also had to drop the Certificate Authorities CRT files for GoDaddy of 
gd-class2-root.crt, gd_intermediate.crt & gdroot-g2.crt into the(  
/etc/sipxpbx/ssl/authorities ) directory. I restarted the sipxecs service and 
then proceeded to add the web certificate downloaded from GoDaddy.
 
sipXecs System/Certificate Authorities area would not allow me to add the CA 
CRT files for GoDaddy via the web administration portal. That is why I 
published the above information.
 
Thanks everyone...
 
From: sipx-users-boun...@list.sipfoundry.org 
[mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Robert Schroeder
Sent: Friday, April 20, 2012 4:50 PM
To: sipx-users@list.sipfoundry.org
Subject: Re: [sipx-users] Generate CSR Question
 
Yeps, no luck in the search.
 
However Jim Nolen of IIPS was a great help and gave me the following 
information to solve the problem.
 
Edit: /usr/bin/ssl-cert/gen-ssl-keys.sh:
ServerKeyBits=1024[change to 2048]
 
If I knew how to add this info to the wiki I would. Perhaps a feature could be 
added to ask the user hitting the generate button if they would like a 1024, 
2048 or 4096 CSR.
 
Thanks Mr. Nolen for the help (Smiles)
 
From: sipx-users-boun...@list.sipfoundry.org 
[mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Michael Picher
Sent: Friday, April 20, 2012 4:35 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] Generate CSR Question
 
did you check the wiki?
On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder 
 wrote:
How do I change the configuration for the certificates area to generate a 2048 
bit key instead of a 1024? I have changed the openssl.cnf file in /etc/pki/tls/ 
location and selected the generate button and still no 2048 key is generated.
 
I am sure this is an educational issue on my part.
 
Yes I have searched the wiki site.
 
Thanks everyone,
 
Rob
 


NOTICE: This electronic mail message and any content within it are intended 
exclusively for the individual(s) or 
entities to which it is addressed. The message, together with any attachments 
and all other content, may contain
confidential and/or privileged information. Any unauthorized review, use, 
print, save, copy, disclosure or distribution
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email
and delete all copies.

___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/


 
-- 
Michael Picher, Director of Technical Services
eZuce, Inc.
300 Brickstone Square
Suite 201
Andover, MA. 01810
O.978-296-1005 X2015 
M.207-956-0262
@mpicher <http://twitter.com/mpicher> 
www.ezuce.com
 

There are 10 kinds of people in the world, those who understand binary and 
those who don't.
 
 


NOTICE: This electronic mail message and any content within it are intended 
exclusively for the individual(s) or 
entities to which it is addressed. The message, together with any attachments 
and all other content, may contain
confidential and/or privileged information. Any unauthorized review, use, 
print, save, copy, disclosure or distribution
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email
and delete all copies.


NOTICE: This electronic mail message and any content within it are intended 
exclusively for the individual(s) or 
entities to which it is addressed. The message, together with any attachments 
and all other content, may contain
confidential and/or privileged information. Any unauthorized review, use, 
print, save, copy, disclosure or distribution
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email
and delete all copies.
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] Generate CSR Question

2012-04-20 Thread jnolen 
Rob,

I'd appreciate it if you would not publish my name.

Thanks,

jim


> Yeps, no luck in the search.
> 
>  
> 
> However Jim Nolen of IIPS was a great help and gave me the following
> information to solve the problem.
> 
>  
> 
> Edit: /usr/bin/ssl-cert/gen-ssl-keys.sh:
> 
> ServerKeyBits=1024[change to 2048]
> 
>  
> 
> If I knew how to add this info to the wiki I would. Perhaps a feature
> could be added to ask the user hitting the generate button if they
> would like a 1024, 2048 or 4096 CSR.
> 
>  
> 
> Thanks Mr. Nolen for the help (Smiles)
> 
>  
> 
> From: sipx-users-boun...@list.sipfoundry.org
> [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Michael
> Picher
> Sent: Friday, April 20, 2012 4:35 PM
> To: Discussion list for users of sipXecs software
> Subject: Re: [sipx-users] Generate CSR Question
> 
>  
> 
> did you check the wiki?
> 
> On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder
>  wrote:
> 
> How do I change the configuration for the certificates area to
> generate a 2048 bit key instead of a 1024? I have changed the
> openssl.cnf file in /etc/pki/tls/ location and selected the generate
> button and still no 2048 key is generated.
> 
>  
> 
> I am sure this is an educational issue on my part.
> 
>  
> 
> Yes I have searched the wiki site.
> 
>  
> 
> Thanks everyone,
> 
>  
> 
> Rob
> 
> 
>  
> 
>
> __
> NOTICE: This electronic mail message and any content within it are intended 
> exclusively for the individual(s) or 
> entities to which it is addressed. The message, together with any attachments 
> and all other content, may contain
> confidential and/or privileged information. Any unauthorized review, use, 
> print, save, copy, disclosure or distribution
> is strictly prohibited. If you have received this message in error, please 
> immediately advise the sender by reply email
> and delete all copies.
> 
> 
> 
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> 
> 
> 
> 
>  
> 
> 
> -- 
> Michael Picher, Director of Technical Services
> eZuce, Inc.
> 
> 300 Brickstone Square
> 
> Suite 201
> 
> Andover, MA. 01810
> 
> O.978-296-1005 X2015 
> M.207-956-0262
> @mpicher <http://twitter.com/mpicher> 
> www.ezuce.com
> 
> 
>  
> 
> 
> 
> 
> 
> There are 10 kinds of people in the world, those who understand binary
> and those who don't.
> 
> 
>  
> 
> 
> 
> 
> 
> __
> NOTICE: This electronic mail message and any content within it are intended 
> exclusively for the individual(s) or 
> entities to which it is addressed. The message, together with any attachments 
> and all other content, may contain
> confidential and/or privileged information. Any unauthorized review, use, 
> print, save, copy, disclosure or distribution
> is strictly prohibited. If you have received this message in error, please 
> immediately advise the sender by reply email
> and delete all copies.
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/


___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] Generate CSR Question

2012-04-20 Thread Robert Schroeder 
Yeps, no luck in the search.
 
However Jim Nolen of IIPS was a great help and gave me the following 
information to solve the problem.
 
Edit: /usr/bin/ssl-cert/gen-ssl-keys.sh:
ServerKeyBits=1024[change to 2048]
 
If I knew how to add this info to the wiki I would. Perhaps a feature could be 
added to ask the user hitting the generate button if they would like a 1024, 
2048 or 4096 CSR.
 
Thanks Mr. Nolen for the help (Smiles)
 
From: sipx-users-boun...@list.sipfoundry.org 
[mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Michael Picher
Sent: Friday, April 20, 2012 4:35 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] Generate CSR Question
 
did you check the wiki?
On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder 
 wrote:
How do I change the configuration for the certificates area to generate a 2048 
bit key instead of a 1024? I have changed the openssl.cnf file in /etc/pki/tls/ 
location and selected the generate button and still no 2048 key is generated.
 
I am sure this is an educational issue on my part.
 
Yes I have searched the wiki site.
 
Thanks everyone,
 
Rob
 


NOTICE: This electronic mail message and any content within it are intended 
exclusively for the individual(s) or 
entities to which it is addressed. The message, together with any attachments 
and all other content, may contain
confidential and/or privileged information. Any unauthorized review, use, 
print, save, copy, disclosure or distribution
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email
and delete all copies.

___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/


 
-- 
Michael Picher, Director of Technical Services
eZuce, Inc.
300 Brickstone Square
Suite 201
Andover, MA. 01810
O.978-296-1005 X2015 
M.207-956-0262
@mpicher <http://twitter.com/mpicher> 
www.ezuce.com
 

There are 10 kinds of people in the world, those who understand binary and 
those who don't.
 


NOTICE: This electronic mail message and any content within it are intended 
exclusively for the individual(s) or 
entities to which it is addressed. The message, together with any attachments 
and all other content, may contain
confidential and/or privileged information. Any unauthorized review, use, 
print, save, copy, disclosure or distribution
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email
and delete all copies.
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] Generate CSR Question

2012-04-20 Thread Tony Graziano 
I seem to recall the script may need to be or was it already modified to
handle 2048 bit certificates?

Besides that I think it had to be done manually AND noone updated the wiki
or the list as to whether or not it worked.

On Fri, Apr 20, 2012 at 4:34 PM, Michael Picher  wrote:

> did you check the wiki?
>
> On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder <
> robert.schroe...@memberfirstmortgage.com> wrote:
>
>> How do I change the configuration for the certificates area to generate a
>> 2048 bit key instead of a 1024? I have changed the openssl.cnf file in
>> /etc/pki/tls/ location and selected the generate button and still no 2048
>> key is generated.
>>
>> ** **
>>
>> I am sure this is an educational issue on my part.
>>
>> ** **
>>
>> Yes I have searched the wiki site.
>>
>> ** **
>>
>> Thanks everyone,
>>
>> ** **
>>
>> Rob
>>
>>
>> --
>>
>> NOTICE: This electronic mail message and any content within it are intended 
>> exclusively for the individual(s) or
>>
>> entities to which it is addressed. The message, together with any 
>> attachments and all other content, may contain
>>
>> confidential and/or privileged information. Any unauthorized review, use, 
>> print, save, copy, disclosure or distribution
>>
>> is strictly prohibited. If you have received this message in error, please 
>> immediately advise the sender by reply email
>> and delete all copies.
>>
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>
>
>
>
> --
> Michael Picher, Director of Technical Services
> eZuce, Inc.
>
> 300 Brickstone Square
>
> Suite 201
>
> Andover, MA. 01810
> O.978-296-1005 X2015
> M.207-956-0262
> @mpicher 
> www.ezuce.com
>
>
> 
> There are 10 kinds of people in the world, those who understand binary and
> those who don't.
>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>



-- 
~~
Tony Graziano, Manager
Telephone: 434.984.8430
sip: tgrazi...@voice.myitdepartment.net
Fax: 434.465.6833
~~
Linked-In Profile:
http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
Ask about our Internet Fax services!
~~

-- 
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] Generate CSR Question

2012-04-20 Thread Michael Picher 
did you check the wiki?

On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder <
robert.schroe...@memberfirstmortgage.com> wrote:

> How do I change the configuration for the certificates area to generate a
> 2048 bit key instead of a 1024? I have changed the openssl.cnf file in
> /etc/pki/tls/ location and selected the generate button and still no 2048
> key is generated.
>
> ** **
>
> I am sure this is an educational issue on my part.
>
> ** **
>
> Yes I have searched the wiki site.
>
> ** **
>
> Thanks everyone,
>
> ** **
>
> Rob
>
>
> --
>
> NOTICE: This electronic mail message and any content within it are intended 
> exclusively for the individual(s) or
>
> entities to which it is addressed. The message, together with any attachments 
> and all other content, may contain
>
> confidential and/or privileged information. Any unauthorized review, use, 
> print, save, copy, disclosure or distribution
>
> is strictly prohibited. If you have received this message in error, please 
> immediately advise the sender by reply email
> and delete all copies.
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>



-- 
Michael Picher, Director of Technical Services
eZuce, Inc.

300 Brickstone Square

Suite 201

Andover, MA. 01810
O.978-296-1005 X2015
M.207-956-0262
@mpicher 
www.ezuce.com


There are 10 kinds of people in the world, those who understand binary and
those who don't.
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

[sipx-users] Generate CSR Question

2012-04-20 Thread Robert Schroeder 
How do I change the configuration for the certificates area to generate a 2048 
bit key instead of a 1024? I have changed the openssl.cnf file in /etc/pki/tls/ 
location and selected the generate button and still no 2048 key is generated.
 
I am sure this is an educational issue on my part.
 
Yes I have searched the wiki site.
 
Thanks everyone,
 
Rob


NOTICE: This electronic mail message and any content within it are intended 
exclusively for the individual(s) or 
entities to which it is addressed. The message, together with any attachments 
and all other content, may contain
confidential and/or privileged information. Any unauthorized review, use, 
print, save, copy, disclosure or distribution
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email
and delete all copies.
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/