On Tue, 2008-07-01 at 12:48 +0300, Bogdan Brezoi wrote:
> Hi,
>
> I've attached to XCF-2428 some screenshots presenting our UI proposal
> for this issue (see http://track.sipfoundry.org/browse/XCF-2428 ). The
> implementation in this form is mostly done. However, i still have some
> questions:
> - i assumed that the properties file and the csr and certificate should
> reside in the {prefix}/bin/ssl-cert directory. Is this assumption ok?
> The application looks for the properties file, reads it, and based on
> the serverName property, tries to locate the active csr file in this
> directory.
No - you should not put working files anywhere under bin.
Create a new directory under
{prefix}/var/sipxdata/configserver
and pass the path to that directory to the gen-ssl-keys.sh script using
the -wd argument.
> - in the import certificate tab, i assumed that only one control should
> be used for entering the certificate file (either the upload control,
> either the text area control). So, an error message saying that only one
> control should be used will appear, when trying to use both controls. Is
> this approach correct? or maybe we should allow both controls to be
> used, and one of them (let's say the upload control) will override the
> other one (text area) ? Also, the text area in this tab is only used to
> enter the certificate in a raw form, not to display the actual
> certificate being used. Should this aspect change?
I'd make a radio button control that selects which is to be used (and
then change it automatically when either CSR input mechanism is
modified).
> - after a new certificate is imported, i think the
> {prefix}/etc/sipxpbx/httpd-sipxchange-common-ssl.conf file should be
> changed in order to reflect the newly imported certificate. Is this
> correct, i mean is this the only file that has to be modified in order
> to apply the new changes regarding certificates ? Should the application
> auto-restart after importing the new certificate (after pressing the
> import button in the import certificate tab) or should it just modify
> the configuration file and the changes would take place the next time
> the applications will be restarted ?
I don't know about this ... are there any direct browser interfaces to
apache left? We only need to change the apache cert for this if the
browser directly interfaces with apache using ssl. I suspect that never
happens now that the voicemail portal is in sipXconfig.
We need to load the new certificate into Java for sure... Damian has
been working on that.
--
Scott Lawrence tel:+1.781.229.0533;ext=162 or sip:[EMAIL PROTECTED]
sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs
CTO, Voice Solutions - Bluesocket Inc. http://www.bluesocket.com/
http://www.pingtel.com/
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
