On Tue, Jan 29, 2013 at 6:45 PM, spameden <spame...@gmail.com> wrote: > Have you tried latest version from the trunk? Not really, I'll try that later. But I don't think I'll work :(
> Might be a bug tho, not sure, never used kannel with SSL. > > Also opening sendsms script to the real world might be a not good > idea. I'd code special interface for the users to communicate. Umm... In my case the user is another system. But even like that, it could be an interesting option. > 2013/1/30 Rudy Matela <r...@matela.com.br>: >> Did a leap of faith and tried merging the three certificates into one >> file, no success: >> >> http://www.digicert.com/ssl-support/pem-ssl-creation.htm >> >> On Tue, Jan 29, 2013 at 6:29 PM, Rudy Matela <r...@matela.com.br> wrote: >>> Hello, >>> >>> I'm using Kannel for a while. And I'd like to activate ssl for it. >>> >>> I have a certificate that works well for my apache web server. It is >>> made by 3 files configured on Apache as follows: >>> >>> SSLCertificateFile mycertificatefile.crt >>> SSLCertificateKeyFile myprivatekey.key >>> SSLCertificateChainFile myintermediate.ca.pem >>> SSLCACertificateFile myca.pem >>> >>> As you can see, to make it work, I had to add an intermediate >>> certificate chain file. And a CA certificate file. There is no option >>> for that on Kannel. Is there a way to add that? Maybe put the contents >>> of myca and myintermediate inside mycertificate. Has anyone tried >>> that? >>> >>> My wget works my website: >>> >>> wget https://example.com >>> >>> but it does not work on kannel: >>> >>> wget https://example.com:13013/send-sms >>> --2013-01-29 18:12:41-- https://example.com:13013/send-sms >>> Resolving example.com (example.com)... 127.0.0.1 >>> Connecting to example.com (example.com)|127.0.0.1|:13013... connected. >>> ERROR: cannot verify example.com's certificate, issued by >>> ‘/C=IL/O=SomeIssuer Ltd. Primary Intermediate Server CA’: >>> Unable to locally verify the issuer's authority. >>> To connect to example.com insecurely, use `--no-check-certificate'. >>> >>> Regards, >>> Rudy >>> >>> PS: >>> I've already configured my keys and HTTP access. >>> >>> group = core >>> ssl-server-key-file = "/etc/ssl/private/mycertificate.crt" >>> ssl-server-cert-file = "/etc/ssl/certs/myprivatekey.crt" >>> admin-port-ssl = true >>> >>> group = smsbox >>> sendsms-port-ssl = true >>> >>> Also, my web browser already recognizes the keys without the need to >>> configure the Intermediate Server CA (since it trusts the authority of >>> the issues). Wget (and a bunch of other client libs) do not, and >>> expect the web server to respond indicating a intermediate server CA. >>> >>> PS2: >>> >>> Did some research already but found nothing here in the list. >>> >>> Regards, >>> Rudy >>
