Wildcard certs have not been tested, but you can try the manual method
(MAKE SURE YOU BACK UP EVERYTHING IN /etc/sipxpbx/ssl before continuing):

*Modify /usr/bin/ssl-cert/gen-ssl-keys.sh and modify the following line:*
ServerKeyBits=1024

*Change this line to be:*
ServerKeyBits=2048

In the sipXecs administration portal, browse to *System >> Certificates*.
Generate a CSR by entering all required information then click Generate.
This will create a certificate signing request that can then be submitted
to the certificate signing authority such as GoDaddy or VeriSign.

Once you have submitted the CSR to the certificate signing authority and
have received a certificate, follow these steps to activate it in sipXecs:

*Stop sipXecs:*
service sipxecs stop

*Now copy the certificate authorities and web cert to a safe location (in
case we need to restore them)*:
mkdir ~/sslbck
mkdir ~/sslbck/auth
cp /etc/sipxpbx/ssl/authorities/* ~/sslbck/auth
mv /etc/sipxpbx/ssl/ssl-web.crt ~/sslbck

*Remove all certificate authorities and symlinks*
rm -rf /etc/sipxpbx/ssl/authorities/*
rm -f /etc/sipxpbx/ssl/authorities.jks
rm -f /etc/sipxpbx/ssl/ssl-web.keystore

*Now copy the original certificate authorities back:*
cp ~/sslbck/auth/*.crt /etc/sipxpbx/ssl/authorities

*Manually copy in the intermediate CA certificate provided by your
certificate signing authority (with SFTP) to /etc/sipxpbx/ssl/authorities*

*Manually copy the certificate you received for your server (with SFTP) to
/etc/sipxpbx/ssl/ssl-web.crt*

*Change ownership of all modified files*
chown -R sipxchange:sipxchange /etc/sipxpbx/ssl/authorities
chown sipxchange:root /etc/sipxpbx/ssl/ssl-web.crt

*Start sipXecs:*
service sipxecs start

On Tue, Jan 24, 2012 at 9:33 AM, Henry Dogger <h.dog...@telecats.nl> wrote:

> Hi,
>
> Matt, first of all thanks for the help, and good luck with your new job!
> I can't seem to get this certificate issue to work, but perhaps I should
> not have left out the following:
> My sipXecs installation has server1.myinternaldomain.com, and I have made
> a cname in a domain where I have a wildcard certificate (
> sipxecs1.myexternaldomain.com) I am trying to install this certificate,
> so in fact I'm using another domain than the one sipXecs is using....
> Perhaps this is not possible at all?
>
> Greetings,
> Henry
>
> -----Original Message-----
> From: sipx-users-boun...@list.sipfoundry.org [mailto:
> sipx-users-boun...@list.sipfoundry.org] On Behalf Of Matthew Kitchin
> (public/usenet)
> Sent: Tuesday, 24 January 2012 14:13
> To: Tony Graziano
> Cc: Discussion list for users of sipXecs software
> Subject: Re: [sipx-users] ssl web certificate
>
> This is how I do it in 4.4 with Microsoft certificate services. I had to
> make sure the cert server was 2008 (R2 I think) and create a template
> that does both server and user certs.
>
> mkdir $HOME/sslkeys
> cd $HOME/sslkeys
> /usr/bin/ssl-cert/gen-ssl-keys.sh --csr
>
> Country Name (2 letter code) [] : US
> State or Province Name (full name) [] : Tennessee
> Locality Name (eg, city) [] : Nashville
> Organization Name (eg, company) [] : DSI
> Organization Unit Name (eg, section) [VoIP Services] :
>
> These steps run on Microsoft CA server
> http://nshpwis7/certsrv/
> cat pbx.tx207.sipx.voip.csr
> Submit, and download as DER
>
> openssl x509 -in pbx.tx207.sipx.voip.cer -inform DER -out pbx.tx207.sipx.voip.crt -outform PEM
>
> mkdir /etc/sipxpbx/ssl/old
> cp -r /etc/sipxpbx/ssl/* /etc/sipxpbx/ssl/old/
>
>
> cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl-web.crt
>
> cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl-web.key
>
> cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl.crt
>
> cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl.key
>
> rm /etc/sipxpbx/ssl/ssl.keystore
>
> rm /etc/sipxpbx/ssl/ssl-web.keystore
>
>
> cp nshpwis7.dsi-corp.netCA.crt  /etc/sipxpbx/ssl/authorities
>
> /usr/bin/ssl-cert/ca_rehash
> _______________________________________________
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>



-- 
Josh Patten
eZuce
Solutions Architect
O.978-296-1005 X2050
M.979-574-5699
http://www.ezuce.com
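
A pre-flight check for the certificate files before they are copied into /etc/sipxpbx/ssl, as an added example that is not part of the original messages: it confirms that the certificate matches the private key, has a key of at least 2048 bits, chains to the supplied CA certificate(s), and is valid for the host name clients will use (the question raised in the quoted message). The function names, the CA bundle argument and the file names in the usage comment are assumptions; it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run on a CA-issued certificate
# before copying it to /etc/sipxpbx/ssl/ssl-web.crt. Function names are hypothetical.

# True when the certificate's public key is the one belonging to the private key.
cert_matches_key() {  # <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the public key size in bits (2048 after the ServerKeyBits change).
cert_key_bits() {  # <cert.pem>
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# True when the certificate (wildcard names included) is valid for the host name.
cert_covers_host() {  # <cert.pem> <hostname>
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True when the certificate chains to the CA certificate(s) in the bundle file.
cert_chains_to() {  # <cert.pem> <ca-bundle.pem>
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs every check, reports each failure, returns non-zero if any check failed.
preflight() {  # <cert.pem> <key.pem> <ca-bundle.pem> <hostname>
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate does not match key $2"; rc=1; }
    bits=$(cert_key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-unknown} bits, want >= 2048"; rc=1; }
    cert_chains_to "$1" "$3" || { echo "FAIL: no chain from certificate to $3"; rc=1; }
    cert_covers_host "$1" "$4" || { echo "FAIL: certificate is not valid for $4"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 passes for $4"
    return "$rc"
}

# Run directly: sh preflight.sh server.crt server.key ca-bundle.pem pbx.example.com
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

A certificate in DER format has to be converted to PEM first, as in the quoted openssl x509 command.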
