I too have been trying to find this answer for quite some time so that users 
aren't nervous about the warning. I was told, as I recall, that this is not 
quite ready yet. I also have the opportunity to use an external SSL processing 
device but this won't work either.

As for the 2048-bit cert, you just edit one of the files to reflect this, but I 
can't recall which. Found it on Google, of course.
Here are the steps I took and posted about.

Mike

I am following the steps in:
http://sipxecs.sipfoundry.org/doc/INSTALL.ssl.html

However, I continue to get the following output so need a hand if someone could.

I follow the next step:

To generate a private key and certificate request for use with a public or 
private certificate authority:
                  /usr/bin/ssl-cert/gen-ssl-keys.sh --csr

I use the CSR file to generate a cert on GoDaddy. I then copy that into my 
/root/sslkeys directory with the other files, so I have the following:

-rw-r--r-- 1 root root 1952 Dec 28 00:05 host.mydomain.com.crt
-rw-r--r-- 1 root root 1240 Dec 28 00:09 host.mydomain.com.csr
-rw-r----- 1 root root 1675 Dec 28 00:09 host.mydomain.com.key

I then follow step 3, as root:

[r...@uc sslkeys]# /usr/bin/ssl-cert/install-cert.sh host.mydomain.com.key
Checking the 'host.mydomain.com' certificate
SSL Certificate '/root/sslkeys/host.mydomain.com.crt' is invalid as client certificate.
    /root/sslkeys/host.mydomain.com.crt: /O=host.mydomain.com/OU=Domain Control Validated/CN=host.mydomain.com
    error 20 at 0 depth lookup:unable to get local issuer certificate
SSL Certificate '/root/sslkeys/host.mydomain.com.crt' is invalid as server certificate.
    /root/sslkeys/host.mydomain.com.crt: /O=host.mydomain.com/OU=Domain Control Validated/CN=host.mydomain.com
    error 20 at 0 depth lookup:unable to get local issuer certificate
SSL certificates:  /root/sslkeys/host.mydomain.com.crt
Check failed for  /root/sslkeys/host.mydomain.com.crt /root/sslkeys/host.mydomain.com.crt

! Check failed - certificate and key not installed.

  You may need to obtain the root certificate for your CA ('Go Daddy Secure Certification Authority').
  If you get a copy of the root certificate, put it in this directory, named
  'Go Daddy Secure Certification Authority.crt' and rerun this command.

So I created such a file and pasted the GoDaddy cert info in it:

-rw-r--r-- 1 root root 1229 Dec  4 16:23 authorities.jks
-rw-r--r-- 1 root root 1448 Dec 27 23:01 Go Daddy Secure Certification Authority.crt
-rw-r--r-- 1 root root 2048 Dec 28 00:09 rnd_seed
-rw-r--r-- 1 root root  261 Dec  4 11:41 SSL_DEFAULTS
-rw-r--r-- 1 root root 1952 Dec 28 00:05 host.mydomain.crt
-rw-r--r-- 1 root root 1240 Dec 28 00:09 host.mydomain.csr
-rw-r----- 1 root root 1675 Dec 28 00:09 host.mydomain.key

No difference, always the same outcome. Does anyone know what I might be 
missing?

Also, the self-signed crt looks different than the one GoDaddy hands out.
The docs say to use the Apache version, which I have, but the self-signed crt 
files have information before the
BEGIN CERTIFICATE and END CERTIFICATE section itself.

_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
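
The "error 20 at 0 depth lookup" lines in the output above use the message format of `openssl verify`, which reports error 20 when it cannot locate the certificate that issued the one being checked. The following is an added example, not part of the original posts or the sipXecs scripts: it builds a constructed three-level chain (all names and files are made up) and shows which CA files make verification of the host certificate fail or succeed.

```shell
#!/bin/sh
# Constructed demo PKI: "Demo Root CA" -> "Demo Issuing CA" -> host.example.test.
# Every name and file here is made up for the example.

# new_csr DIR NAME CN: generate a fresh key and a certificate request.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_chain DIR: create root.crt, issuing.crt, host.crt and bundle.crt in DIR.
make_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    new_csr "$d" root "Demo Root CA"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    new_csr "$d" issuing "Demo Issuing CA"
    openssl x509 -req -in "$d/issuing.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/issuing.crt" 2>/dev/null
    new_csr "$d" host "host.example.test"
    openssl x509 -req -in "$d/host.csr" -CA "$d/issuing.crt" -CAkey "$d/issuing.key" \
        -CAcreateserial -days 2 -out "$d/host.crt" 2>/dev/null
    # Issuing CA followed by root, concatenated PEM, as a CA bundle.
    cat "$d/issuing.crt" "$d/root.crt" > "$d/bundle.crt"
}

# Run "openssl verify" with the given arguments; print OK or the
# "error N at D depth" part of the first failure line.
verify_result() {
    if out=$(openssl verify "$@" 2>&1); then
        echo OK
    else
        printf '%s\n' "$out" | grep -o 'error [0-9]* at [0-9]* depth' | head -n 1
    fi
}

demo() {
    d=$(mktemp -d) && make_chain "$d"
    echo "root only:      $(verify_result -CAfile "$d/root.crt" "$d/host.crt")"
    echo "issuing only:   $(verify_result -CAfile "$d/issuing.crt" "$d/host.crt")"
    echo "issuing + root: $(verify_result -CAfile "$d/bundle.crt" "$d/host.crt")"
    rm -rf "$d"
}
demo
```

To see who signed a certificate, and therefore which CA file is needed, `openssl x509 -noout -subject -issuer -in FILE` prints both names.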
