Re: [sipx-users] Users can't change voice mail PIN

Tue, 19 Jan 2010 06:20:10 -0800 

On Mon, 2010-01-18 at 16:56 -0600, mkitchin.pub...@gmail.com wrote:
> Sorry for spreading this across multiple emails. It seems it may 
> definitely be the SSL certificate. I'm far from an expert in this,
> but 
> it looks like it can't figure out where to go to verify the the SSL 
> cert. I may have to abort and go back to the internal certificate I 
> guess. I don't have a clue what the correct (assuming it is possible) 
> way to fix this would be.
> 
> "2010-01-18T22:49:30.483308Z":1:KERNEL:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"OsSSL::verifyCallback
>  
> invalid certificate at depth 0\n       error='unable to get local
> issuer 
> certificate'\n       
> issuer='/DC=net/DC=dsi-corp/CN=nshsubject='/C=US/ST=TN/L=Davidson/O=DSI/OU=VoIP
>  
> Services/CN=nshpbx1.sipx.voip/emailaddress=matt...@munged.com'"
> "2010-01-18T22:49:30.483508Z":2:KERNEL:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"OsSSLConnectionSocket
>  
> SSL_connect failed: :\n   SSL error: 1 
> 'error:00000001:lib(0):func(0):reason(1)'"
> "2010-01-18T22:49:30.483555Z":3:HTTP:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"HttpMessage::get[4]
>  
> socket to 10.87.20.5:8443 not connected, retry 1 after 20ms"
> "2010-01-18T22:49:30.510936Z":4:KERNEL:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"OsSSL::verifyCallback
>  
> invalid certificate at depth 0\n       error='unable to get local
> issuer 
> certificate'\n       

You need to install the certificate chain for the authority that issued
your SSL cert.  The fact that there's no easy way to do this is one of
the problems with using external certificates in 4.0.

You can try this... get the certificate (or certificates... if the CA
uses a chain, you need them all) from the CA in PEM format.

Copy the certificates into the directory /etc/sipxpbx/ssl/authorities,
and then run /usr/bin/ssl-cert/ca_rehash and restart your sipXecs
processes.

Warning: this feature is buggy.  This may make things worse.  If you
need a reliable system, go back to the internal certs and wait for 4.2

_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/

Reply via email to