On Mon, 2010-01-18 at 11:00 -0500, Jeff Gilmore wrote:
> I tried doing it all through the web GUI after first changing the
> underlying /usr/bin/ssl-cert/gen-ssl-keys.sh script (which I assume
> gets called by the web GUI) so that it will generate a 2048 byte key,
> since GoDaddy and other CAs are now requiring longer keys.
> 
> It did seem to generate a longer CSR, so that change appeared to take.
> However, the problems stated in my last message still remain.
> 
> Developers, any ideas what might be the problem?  Could the longer key
> length be interfering with the way that the different processes
> communicate with each other?

The longer key length itself is not likely the problem.

> If you go to System/Servers and look at the list of sipx processes,
> they all appear as Status: Undefined.  I think that some of the
> processes are either not starting or unable to communicate with the
> config server (I restarted the whole server to be sure, but that made
> no difference). 

This probably just means that sipXconfig can't talk to the supervisor,
which would be true if the SSL key/certificate infrastructure is messed
up.

> Any suggestions of where to go from here?  My thought is to try what
> Tony said worked for him (doing it all through the web GUI) with one
> modification--first changing the
> underlying /usr/bin/ssl-cert/gen-ssl-keys.sh script (which I assume
> gets called by the web GUI) so that it will generate a 2048 byte key,
> since GoDaddy and other CAs are now requiring longer keys. 
> 
> If that doesn't work, I'm ready to give up on a real certificate, and
> would just go back to self-signing. 

That seems like a reasonable plan of action.

Frankly, I wouldn't invest much in getting externally generated keys
working in a 4.0 system.  There turn out to be many potential pitfalls,
and it's clear that feature really wasn't ready for prime time.  We're
investing a fair amount of effort in this for 4.2...


_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
