This is how I do it in 4.4 with Microsoft certificate services. I had to make sure the cert server was 2008 (R2 I think) and create a template that does both server and user certs.
mkdir $HOME/sslkeys cd $HOME/sslkeys /usr/bin/ssl-cert/gen-ssl-keys.sh --csr Country Name (2 letter code) [] : US State or Province Name (full name) [] : Tennessee Locality Name (eg, city) [] : Nashville Organization Name (eg, company) [] : DSI Organization Unit Name (eg, section) [VoIP Services] : These steps run on Microsoft CA server http://nshpwis7/certsrv/ cat pbx.tx207.sipx.voip.csr Submit, and download as DER openssl x509 -in pbx.tx207.sipx.voip.cer -inform DER -out pbx.tx207.sipx.voip.crt -outform PEM mkdir /etc/sipxpbx/ssl/old cp -r /etc/sipxpbx/ssl/* /etc/sipxpbx/ssl/old/ cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl-web.crt cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl-web.key cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl.crt cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl.key rm /etc/sipxpbx/ssl/ssl.keystore rm /etc/sipxpbx/ssl/ssl-web.keystore cp nshpwis7.dsi-corp.netCA.crt /etc/sipxpbx/ssl/authorities /usr/bin/ssl-cert/ca_rehash On 1/24/2012 6:43 AM, Tony Graziano wrote: > i think with the results of sipx-stage (whether the fix was successful > or not), and your notes, this would make a good wiki article (4.4.0 -- > starting with stable versions dated 2012 and later, sipxconfig should > be used, alternately the instruction for installing via CLI are...). > > On Tue, Jan 24, 2012 at 6:55 AM, Matthew Kitchin (usenet/public) > <mkitchin.pub...@gmail.com> wrote: >> The steps have changed a little with newer versions. I will send what I use >> currently in a few hours when I get to a PC. >> -----Original Message----- >> From: Tony Graziano<tgrazi...@myitdepartment.net> >> Sender: sipx-users-boun...@list.sipfoundry.org >> Date: Tue, 24 Jan 2012 06:11:39 >> To: Discussion list for users of sipXecs >> software<sipx-users@list.sipfoundry.org> >> Reply-To: Discussion list for users of sipXecs software >> <sipx-users@list.sipfoundry.org> >> Subject: Re: [sipx-users] ssl web certificate >> >> Searching the archives reveals this. >> >> http://www.mail-archive.com/sipx-users@list.sipfoundry.org/msg16568.html >> >> caution is warranted, because that was version 4.0, and you should >> perhaps consider using the sipx-stage repo instead on a 4.4 system and >> using the sipxconfig gui. >> >> On Tue, Jan 24, 2012 at 6:05 AM, Henry Dogger<h.dog...@telecats.nl> wrote: >>> So I should try this from the CLI then? >>> Is there a wiki entry, or guide on how to do this? >>> >>> -----Original Message----- >>> From: sipx-users-boun...@list.sipfoundry.org >>> [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Tony Graziano >>> Sent: dinsdag 24 januari 2012 12:02 >>> To: Discussion list for users of sipXecs software >>> Subject: Re: [sipx-users] ssl web certificate >>> >>> I think it has been discussed in general that the gui does not work >>> well for 2048 bit certs or wildcards. Not sure this is functional >>> (2048 bit) from the GUI, but others report it works fromt he CLI. >>> _______________________________________________ >>> sipx-users mailing list >>> sipx-users@list.sipfoundry.org >>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> >> >> -- >> ====================== >> Tony Graziano, Manager >> Telephone: 434.984.8430 >> sip: tgrazi...@voice.myitdepartment.net >> Fax: 434.465.6833 >> >> Email: tgrazi...@myitdepartment.net >> >> LAN/Telephony/Security and Control Systems Helpdesk: >> Telephone: 434.984.8426 >> sip: helpd...@voice.myitdepartment.net >> >> Helpdesk Customers: http://myhelp.myitdepartment.net >> Blog: http://blog.myitdepartment.net >> >> Linked-In Profile: >> http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 >> Ask about our Internet Fax services! >> _______________________________________________ >> sipx-users mailing list >> sipx-users@list.sipfoundry.org >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> _______________________________________________ >> sipx-users mailing list >> sipx-users@list.sipfoundry.org >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/
