Any help is greatly appreciated, I have now a working primary and 2
secondaries that don't talk to the primary.
How and where do I generate keys for the secondaries (on primary?)
How and where do I install these keys (on secondary?)
Paul
pscheep...@epo.org wrote on 16-08-2012 20:17:46:
> I am a bit stuck now.
> I generated keys with /usr/bin/ssl-cert/gen-ssl-keys.sh for
> secondary on primary.
> Copied them over and installed them with
/usr/bin/ssl-cert/install-cert.sh
> Then tried to push profiles, doesn't work.
> and tried restart services, doesn't work.
>
> How should I install new keys on secondaries?
>
> Paul
>
> Michael Picher <mpic...@ezuce.com> wrote on 16-08-2012 18:45:12:
>
>
> > ayuh
>
> > On Thu, Aug 16, 2012 at 12:37 PM, <pscheep...@epo.org> wrote:
> > Done that, that solves everything for the Primary server.
> > I think I can do the same on my 2 secondaries or should I use this:
> > libexec/sipXecs/initial-config secondaryServerHostName ,
> > mentioned in http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys
> +and+Keystores
> >
> > Paul
> >
> > Michael Picher <mpic...@ezuce.com> wrote on 16-08-2012 18:15:59:
> >
> > >
> > > just regenerate them...
> > >
> > > http://wiki.sipfoundry.org/display/sipXecs/SSL+Certificates
> >
> >
> > > On Thu, Aug 16, 2012 at 12:06 PM, <pscheep...@epo.org> wrote:
> >
> > > I use the standard certs, I thought they would not expire tht soon.
> > >
> > > I am running 4.4.0-287.gb0a66 btw.
> > >
> > > Can you give me a quick hint how to check?
> > >
> > > Paul
> > >
> > > Douglas Hubler <dhub...@ezuce.com> wrote on 16-08-2012 18:00:37:
> > >
> > >
> > > > On Thu, Aug 16, 2012 at 11:55 AM, <pscheep...@epo.org> wrote:
> > > > > I got back from holiday and discovered my primary server was not
OK.
> > > > > It showed the following:
> > > > >
> > > > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate
> > verify failed
> > > > > (OpenSSL::SSL::SSLError)
> > > > >
> > > > > (the rest is gone because of user error :( )
> > > > >
> > > > > I tried a sipxproc -R, this did not work.
> > > > > Then I rebooted the machine and now I have this:
> > > > >
> > > > > [root@gssipx02 ~]# sipxproc -l
> > > > > /usr/lib/ruby/1.8/net/http.rb:560:in `initialize':
> Connection refused -
> > > > > connect(2) (Errno::ECONNREFUSED)
> > > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > > from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> > > > > from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> > > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> > > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> > > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> > > > > from /usr/bin/sipxproc:294
> > > > >
> > > > > Does anybody have any good ideas?
> > > >
> > > > expired cert?
> > > > _______________________________________________
> > > > sipx-users mailing list
> > > > sipx-users@list.sipfoundry.org
> > > > List Archive:
> > > http://list.sipfoundry.org/archive/sipx-users/
> > >
> > > _______________________________________________
> > > sipx-users mailing list
> > > sipx-users@list.sipfoundry.org
> > > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> > >
> >
> > >
> > > --
> > > Michael Picher, Director of Technical Services
> > > eZuce, Inc.
> > > 300 Brickstone Square
> > > Suite 201
> > > Andover, MA. 01810
> > > O.978-296-1005 X2015
> > > M.207-956-0262
> > > @mpicher <http://twitter.com/mpicher>
> > > linkedin
> > > www.ezuce.com
> > >
> > >
> >
>
------------------------------------------------------------------------------------------------------------
> > > There are 10 kinds of people in the world, those who understand
> > > binary and those who don't.
> > > _______________________________________________
> > > sipx-users mailing list
> > > sipx-users@list.sipfoundry.org
> > > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-users@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
>
> >
> > --
> > Michael Picher, Director of Technical Services
> > eZuce, Inc.
> > 300 Brickstone Square
> > Suite 201
> > Andover, MA. 01810
> > O.978-296-1005 X2015
> > M.207-956-0262
> > @mpicher <http://twitter.com/mpicher>
> > linkedin
> > www.ezuce.com
> >
> >
>
------------------------------------------------------------------------------------------------------------
> > There are 10 kinds of people in the world, those who understand
> > binary and those who don't.
> > _______________________________________________
> > sipx-users mailing list
> > sipx-users@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> _______________________________________________
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/
