mkitchin.pub...@gmail.com wrote: >Subject: Re: [sipx-users] SSL Cert help > >Am I dead in the water here? Should I go ahead and reload the OS?
I'm fresh out of ideas. The one thing that seemed odd to me in your output from keytool was that the PathLen in both show as undefined under BasicConstraints. The keys are valid starting at Wed Jan 20 12:37:33 CST 2010. I assume your system time is after this? >> On 1/20/2010 1:30 PM, Raymond Dans wrote: >>> I believe it looks okay. The beginning of that line is for >the alias >>> name and you don't have one. I'm not familiar enough with this to >>> know whether have no alias is okay. >>> >>> Try issuing the keytool commands again and add '-v' after >the '-list'. >>> This will give more information. >> >> Ok. That output is below. I don't know exactly what I'm looking for, >> but nothing sticks out at me as wrong. >> >> [r...@nshpbx1 ssl]# keytool -list -v -keystore ssl.keystore >-storepass >> changeit >> >> Keystore type: JKS >> Keystore provider: SUN >> >> Your keystore contains 1 entry >> >> Alias name: nshpbx1.sipx.voip >> Creation date: Jan 20, 2010 >> Entry type: PrivateKeyEntry >> Certificate chain length: 1 >> Certificate[1]: >> Owner: emailaddress=r...@sipx.voip, CN=nshpbx1.sipx.voip, OU=VoIP >> Services, O=DSI, L=Nashville, ST=Tennessee, C=US >> Issuer: emailaddress=r...@sipx.voip, CN=DSI VoIP Certificate >> Authority, OU=VoIP Services, O=DSI, L=Nashville, ST=Tennessee, C=US >> Serial number: 141747f Valid from: Wed Jan 20 12:37:33 CST >2010 until: >> Sat Jan 19 12:37:33 CST 2013 Certificate fingerprints: >> MD5: 1C:7A:98:F7:7E:8A:20:0E:48:EF:EB:13:76:99:7C:09 >> SHA1: >> A3:B0:C2:58:D9:23:DE:1D:DF:9D:77:E2:04:D1:0D:BC:F2:FE:AB:EB >> Signature algorithm name: SHA1withRSA >> Version: 3 >> >> Extensions: >> >> #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ >> KeyIdentifier [ >> 0000: AB ED FC 92 E3 71 B4 3A 0E C3 C8 F3 60 23 C0 DC >.....q.:....`#.. >> 0010: 30 86 93 7E 0... >> ] >> ] >> >> #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ >> CA:false >> PathLen: undefined >> ] >> >> #3: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ >> URIName: sip:sipx.voip >> DNSName: nshpbx1.sipx.voip >> ] >> >> >> >> ******************************************* >> ******************************************* >> >> [r...@nshpbx1 ssl]# keytool -list -v -keystore authorities.jks >> -storepass changeit >> >> Keystore type: JKS >> Keystore provider: SUN >> >> Your keystore contains 1 entry >> >> Alias name: >> Creation date: Jan 20, 2010 >> Entry type: trustedCertEntry >> >> Owner: emailaddress=r...@sipx.voip, CN=nshpbx1.sipx.voip, OU=VoIP >> Services, O=DSI, L=Nashville, ST=Tennessee, C=US >> Issuer: emailaddress=r...@sipx.voip, CN=DSI VoIP Certificate >> Authority, OU=VoIP Services, O=DSI, L=Nashville, ST=Tennessee, C=US >> Serial number: 141747f >> Valid from: Wed Jan 20 12:37:33 CST 2010 until: Sat Jan 19 12:37:33 >> CST 2013 >> Certificate fingerprints: >> MD5: 1C:7A:98:F7:7E:8A:20:0E:48:EF:EB:13:76:99:7C:09 >> SHA1: >> A3:B0:C2:58:D9:23:DE:1D:DF:9D:77:E2:04:D1:0D:BC:F2:FE:AB:EB >> Signature algorithm name: SHA1withRSA >> Version: 3 >> >> Extensions: >> >> #1: ObjectId: 2.5.29.14 Criticality=false >> SubjectKeyIdentifier [ >> KeyIdentifier [ >> 0000: AB ED FC 92 E3 71 B4 3A 0E C3 C8 F3 60 23 C0 DC >.....q.:....`#.. >> 0010: 30 86 93 7E 0... >> ] >> ] >> >> #2: ObjectId: 2.5.29.19 Criticality=false >> BasicConstraints:[ >> CA:false >> PathLen: undefined >> ] >> >> #3: ObjectId: 2.5.29.17 Criticality=false >> SubjectAlternativeName [ >> URIName: sip:sipx.voip >> DNSName: nshpbx1.sipx.voip >> ] >> >> >> >> ******************************************* >> ******************************************* >> > > _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
