I will wait for 4.2. Thank you. ------Original Message------ From: Scott Lawrence To: mkitchin.pub...@gmail.com Cc: sipx-users@list.sipfoundry.org Subject: Re: [sipx-users] Users can't change voice mail PIN Sent: Jan 19, 2010 8:19 AM
On Mon, 2010-01-18 at 16:56 -0600, mkitchin.pub...@gmail.com wrote: > Sorry for spreading this across multiple emails. It seems it may > definitely be the SSL certificate. I'm far from an expert in this, > but > it looks like it can't figure out where to go to verify the the SSL > cert. I may have to abort and go back to the internal certificate I > guess. I don't have a clue what the correct (assuming it is possible) > way to fix this would be. > > "2010-01-18T22:49:30.483308Z":1:KERNEL:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"OsSSL::verifyCallback > > invalid certificate at depth 0\n error='unable to get local > issuer > certificate'\n > issuer='/DC=net/DC=dsi-corp/CN=nshsubject='/C=US/ST=TN/L=Davidson/O=DSI/OU=VoIP > > Services/CN=nshpbx1.sipx.voip/emailaddress=matt...@munged.com'" > "2010-01-18T22:49:30.483508Z":2:KERNEL:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"OsSSLConnectionSocket > > SSL_connect failed: :\n SSL error: 1 > 'error:00000001:lib(0):func(0):reason(1)'" > "2010-01-18T22:49:30.483555Z":3:HTTP:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"HttpMessage::get[4] > > socket to 10.87.20.5:8443 not connected, retry 1 after 20ms" > "2010-01-18T22:49:30.510936Z":4:KERNEL:ERR:nshpbx1.sipx.voip:pid-32405:739B5C30:mediaservercgi:"OsSSL::verifyCallback > > invalid certificate at depth 0\n error='unable to get local > issuer > certificate'\n You need to install the certificate chain for the authority that issued your SSL cert. The fact that there's no easy way to do this is one of the problems with using external certificates in 4.0. You can try this... get the certificate (or certificates... if the CA uses a chain, you need them all) from the CA in PEM format. Copy the certificates into the directory /etc/sipxpbx/ssl/authorities, and then run /usr/bin/ssl-cert/ca_rehash and restart your sipXecs processes. Warning: this feature is buggy. This may make things worse. If you need a reliable system, go back to the internal certs and wait for 4.2 Sent via BlackBerry from T-Mobile _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
