That is as far as I made it. I stopped when Scott Lawrence wrote the
part below. I'm just going to deal with the error messages until 4.2 I
think. I'm out of time to to tinker with it.
http://list.sipfoundry.org/archive/sipx-users/msg20684.html
"You need to install the certificate chain for the authority that issued
your SSL cert. The fact that there's no easy way to do this is one of
the problems with using external certificates in 4.0.
You can try this... get the certificate (or certificates... if the CA
uses a chain, you need them all) from the CA in PEM format.
Copy the certificates into the directory /etc/sipxpbx/ssl/authorities,
and then run /usr/bin/ssl-cert/ca_rehash and restart your sipXecs
processes.
Warning: this feature is buggy. This may make things worse. If you
need a reliable system, go back to the internal certs and wait for 4.2"
On 1/19/2010 12:03 PM, Grant Lang wrote:
Hi,
Yup that's a problem.
There are errors in that log around not being able to find the Go
Daddy Certificate:
OsSSL::verifyCallback invalid certificate at depth 0
error='unable to get local issuer certificate'
issuer='/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
Certification Authority/serialNumber=07969287'
Question is what could we do to fix it?
Changing the PIN from the GUI works fine, what else could it possibly
affect?
Cheers
Grant
------------------------------------------------------------------------
*From:* mkitchin.pub...@gmail.com [mkitchin.pub...@gmail.com]
*Sent:* Wednesday, 20 January 2010 7:00 a.m.
*To:* Grant Lang
*Cc:* Tony Graziano; sipx-users@list.sipfoundry.org
*Subject:* Re: [sipx-users] SSL Cert help
Look in
/var/log/sipxpbx/mediaserver_cgi.log
On 1/19/2010 11:58 AM, Grant Lang wrote:
Hi,
sipxproc looks fine to me but I cannot seem to change the PIN using a
phone:
[r...@sipxserver ~]# sipxproc -state
{"tate"=>false}
[r...@sipxserver ~]# sipxproc
{"FreeSWITCH"=>"Running",
"sipXmrtg"=>"Running",
"SIPRegistrar"=>"Running",
"ParkServer"=>"Running",
"ConfigAgent"=>"Running",
"CallResolver"=>"Running",
"ACDServer"=>"Running",
"SIPStatus"=>"Running",
"ConfigServer"=>"Running",
"CallResolver-Agent"=>"Disabled",
"SipXbridge"=>"Running",
"MediaServer"=>"Running",
"sipXivr"=>"Running",
"PageServer"=>"Running",
"PresenceServer"=>"Running",
"ResourceListServer"=>"Running",
"SipXrelay"=>"Running",
"SIPXProxy"=>"Running"}
[r...@sipxserver ~]#
However the installation might not be perfect as I have been messing
with it around the certificates, so a fresh install and re-test will
be next to make sure that changing the certificate does work as expected.
Cheers
Grant
------------------------------------------------------------------------
*From:* Tony Graziano [tgrazi...@myitdepartment.net]
*Sent:* Tuesday, 19 January 2010 10:28 p.m.
*To:* Grant Lang
*Cc:* Jeff Gilmore; sipx-users@list.sipfoundry.org
*Subject:* Re: [sipx-users] SSL Cert help
does: sipxproc --state
show anything strange? Are you able to change your voicemail pin from
a handset after doing this?
On Tue, Jan 19, 2010 at 2:06 AM, Grant Lang
<grant.l...@amplussolutions.com
<mailto:grant.l...@amplussolutions.com>> wrote:
Hi,
I think I have a possible solution.
I was reading through some of the files and posts and there was
an important statement, not sure on the relevance, but here goes.
Following Jeff’s instructions create a GoDaddy certificate in
/root/sslcert (or where ever) and run all the commands up to the
last one but don’t install it.
The important part I read was that the Web Certs aren’t checked
against the installed CA installed in the authorities directory,
so in the /etc/sipxpbx/ssl directory rename the three **-web.**
files and replace with the relevant GoDaddy cert files naming
them to ssl-web.* (where * is crt or keystore or key) .
I did this, restarted SipXecs services and everything I have
tested works, along with having a SSL browser that validates the
CA etc no problem. I then rebooted and everything still works as
expected.
I expect this will work with any SSL cert where a relevant CA is
available like an MS CA or in my case an external CA.
Now I haven’t tested absolutely everything so those out there
that want to test please post findings.
Perhaps this is what the Web Certificates page is for, but it
doesn’t work.
Cheers
Grant
*From:* sipx-users-boun...@list.sipfoundry.org
<mailto:sipx-users-boun...@list.sipfoundry.org>
[mailto:sipx-users-boun...@list.sipfoundry.org
<mailto:sipx-users-boun...@list.sipfoundry.org>] *On Behalf Of
*Jeff Gilmore
*Sent:* Tuesday, 19 January 2010 7:55 a.m.
*To:* sipx-users@list.sipfoundry.org
<mailto:sipx-users@list.sipfoundry.org>
*Subject:* Re: [sipx-users] SSL Cert help
Thanks all for insights.
I'm not sure what went wrong, but have successfully backed out of
it by simply running
*/usr/bin/ssl-cert/gen-ssl-keys.sh* then
*/usr/bin/ssl-cert/install-cert.sh*. My copy
of /usr/bin/ssl-cert/gen-ssl-keys.sh still has the 2048 byte key
change, and it seemed to work OK.
I'll live with the browser warnings for now...
Jeff
_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
<mailto:sipx-users@list.sipfoundry.org>
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
Fax: 434.984.8431
Email: tgrazi...@myitdepartment.net <mailto:tgrazi...@myitdepartment.net>
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
Fax: 434.984.8427
Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/
Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.
_______________________________________________
sipx-users mailing listsipx-us...@list.sipfoundry.org
List Archive:http://list.sipfoundry.org/archive/sipx-users
Unsubscribe:http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX --http://www.sipfoundry.org/
_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
