I cannot get it to work.
I created private key and certificate:
openssl genrsa -des3 -out yaro.key 1024
openssl req -new -key yaro.key -x509 -out yaro.crt -days 368
openssl pkcs12 -export -in yaro.crt -inkey yaro.key -name yarodb -out yarodb.p12
Then I created a secmod.db, cert8.crt and key3.db with modutil from NSS:
modutil -create -dbdir .
modutil -changepw "NSS Certificate DB" -dbdir .
I set password to yaro. This is the password certDbPassword in
ImportCertificateDlg.cpp in sipxezphone.
I put secmod.db, cert8.crt and key3.db into the directory of sipxezphone.
The problems start in pk12wrapper.cpp. In P12Wrapper_UnicodeConversion, there
is a line missing
PORT_SetUCS2_ASCIIConversionFunction(&_P12Wrapper_UnicodeConversion);
just before
if(PR_FALSE ==
PORT_UCS2_ASCIIConversion(toUnicode,
Without setting callback for conversion function the conversion fails.
Once I do that, it crashes in P12Wrapper_ImportPKCS12ObjectFromBuffer on the
line
rv = SEC_PKCS12DecoderUpdate(p12dcx, (unsigned char *)pkcs12Buffer, pkcs12Size);
Did the import ever work?
If i import my private key and cert directly into cert8.crt and key3.db without
sipxezphone, will S/MIME or SRTP work?
I guess sipxtapi finds the right certificate by the certificate nickname. Are
there any requirements on the CN of the certificate?
Jaroslav Libak
_______________________________________________
sipxtapi-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipxtapi-dev/
