Agreed. Local CA is probably the best route to take, and the most manageable, so will look at doing that. Thank you.
----- Original Message ----- From: "James Cloos" <[email protected]> To: "Phil Daws" <[email protected]> Cc: [email protected], "Asterisk Users Mailing List - Non-Commercial Discussion" <[email protected]> Sent: Tuesday, 26 February, 2013 12:45:46 AM Subject: Re: [asterisk-users] Calendar: cert mismatch >>>>> "PD" == Phil Daws <[email protected]> writes: PD> It does generate a validity warning, as its self-signed, though I have PD> added it to the PBX ca-bundle.crt. Am I right in assuming that PD> Asterisk will use the default OpenSSL paths for where certificates are PD> stored ? The error said that the hostname in the uri does not match (any of) the hostname(s) in the cert. Does the self-signed cert have the hostname in either the CN or in (any of) the dnsName(s) in the subjectAltName section? It might work better if you created a local CA and used that to sign an end-entity cert for each server which needs one. Then add that CA cert to the bundle. Recent versions of tls (claim to have) deprecated the idea of using self-signed certs for anything other than root ca certs, but you can always create your own CA. -JimC -- James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
