Hi,

Yup that's a problem.

There are errors in that log around not being able to find the Go Daddy 
Certificate:

OsSSL::verifyCallback invalid certificate at depth 0

error='unable to get local issuer certificate'

issuer='/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287'


Question is what could we do to fix it?

Changing the PIN from the GUI works fine, what else could it possibly affect?

Cheers
Grant
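
The log error quoted above, reproduced as an added example that is not part of the original thread: OpenSSL reports 'unable to get local issuer certificate' at depth 0 when the verifier cannot find the certificate that issued the server certificate. The CA names and files below are constructed placeholders generated in a temporary directory; nothing here touches a sipXecs installation.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# All names and files are placeholders generated in a temp dir.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

gen_req() {  # $1 = file stem, $2 = subject CN; writes $1.key and $1.csr
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() (  # subshell body, so the cd does not leak to the caller
  cd "$WORK" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  gen_req root 'Demo Root CA' &&
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.crt 2>/dev/null &&
  gen_req inter 'Demo Intermediate CA' &&
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key \
    -CAcreateserial -extfile ca.ext -days 2 -out inter.crt 2>/dev/null &&
  gen_req server 'pbx.example.test' &&
  openssl x509 -req -in server.csr -CA inter.crt -CAkey inter.key \
    -CAcreateserial -days 2 -out server.crt 2>/dev/null
)

# Verifier knows only the root: the issuer of the depth-0 cert cannot be found.
verify_root_only() {
  openssl verify -CAfile "$WORK/root.crt" "$WORK/server.crt" 2>&1
}

# Same trust anchor, with the intermediate supplied as part of the chain.
verify_with_chain() {
  openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/inter.crt" \
    "$WORK/server.crt" 2>&1
}

make_chain || { echo "certificate generation failed" >&2; exit 1; }
echo "== root only =="
verify_root_only || echo "(verification failed, as expected)"
echo "== root + intermediate =="
verify_with_chain
```

The same two commands, pointed at a real server certificate and the CA files the verifying component actually loads, show whether an intermediate CA certificate is what that component is missing.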

________________________________
From: mkitchin.pub...@gmail.com [mkitchin.pub...@gmail.com]
Sent: Wednesday, 20 January 2010 7:00 a.m.
To: Grant Lang
Cc: Tony Graziano; sipx-users@list.sipfoundry.org
Subject: Re: [sipx-users] SSL Cert help

Look in

/var/log/sipxpbx/mediaserver_cgi.log


On 1/19/2010 11:58 AM, Grant Lang wrote:
Hi,

sipxproc looks fine to me but I cannot seem to change the PIN using a phone:

[r...@sipxserver ~]# sipxproc -state
{"tate"=>false}
[r...@sipxserver ~]# sipxproc
{"FreeSWITCH"=>"Running",
 "sipXmrtg"=>"Running",
 "SIPRegistrar"=>"Running",
 "ParkServer"=>"Running",
 "ConfigAgent"=>"Running",
 "CallResolver"=>"Running",
 "ACDServer"=>"Running",
 "SIPStatus"=>"Running",
 "ConfigServer"=>"Running",
 "CallResolver-Agent"=>"Disabled",
 "SipXbridge"=>"Running",
 "MediaServer"=>"Running",
 "sipXivr"=>"Running",
 "PageServer"=>"Running",
 "PresenceServer"=>"Running",
 "ResourceListServer"=>"Running",
 "SipXrelay"=>"Running",
 "SIPXProxy"=>"Running"}
[r...@sipxserver ~]#

However the installation might not be perfect as I have been messing with it 
around the certificates, so a fresh install and re-test will be next to make 
sure that changing the certificate does work as expected.

Cheers
Grant
________________________________
From: Tony Graziano [tgrazi...@myitdepartment.net]
Sent: Tuesday, 19 January 2010 10:28 p.m.
To: Grant Lang
Cc: Jeff Gilmore; sipx-users@list.sipfoundry.org
Subject: Re: [sipx-users] SSL Cert help

Does: sipxproc --state
show anything strange? Are you able to change your voicemail PIN from a handset 
after doing this?

On Tue, Jan 19, 2010 at 2:06 AM, Grant Lang <grant.l...@amplussolutions.com> wrote:
Hi,

I think I have a possible solution.

I was reading through some of the files and posts and there was an important 
statement, not sure on the relevance, but here goes.

Following Jeff’s instructions, create a GoDaddy certificate in /root/sslcert (or 
wherever) and run all the commands up to the last one but don’t install it.
The important part I read was that the Web Certs aren’t checked against the 
installed CA installed in the authorities directory, so in the /etc/sipxpbx/ssl 
directory rename the three *-web.* files and replace with the relevant GoDaddy 
cert files naming them to ssl-web.* (where * is crt or keystore or key) .

I did this, restarted SipXecs services and everything I have tested works, 
along with having an SSL browser that validates the CA etc no problem. I then 
rebooted and everything still works as expected.
I expect this will work with any SSL cert where a relevant CA is available like 
an MS CA or in my case an external CA.

Now I haven’t tested absolutely everything so those out there that want to test 
please post findings.

Perhaps this is what the Web Certificates page is for, but it doesn’t work.

Cheers
Grant



From: sipx-users-boun...@list.sipfoundry.org [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Jeff Gilmore
Sent: Tuesday, 19 January 2010 7:55 a.m.

To: sipx-users@list.sipfoundry.org
Subject: Re: [sipx-users] SSL Cert help

Thanks all for insights.

I'm not sure what went wrong, but have successfully backed out of it by simply 
running
/usr/bin/ssl-cert/gen-ssl-keys.sh then /usr/bin/ssl-cert/install-cert.sh.  My 
copy of /usr/bin/ssl-cert/gen-ssl-keys.sh still has the 2048 byte key change, 
and it seemed to work OK.

I'll live with the browser warnings for now...

Jeff


_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/



--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
Fax: 434.984.8431

Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
Fax: 434.984.8427

Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/

Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.


