On Thu, 2008-08-21 at 19:58 +0300, Mircea Carasel wrote:
> Hi,
> Regarding XCF-2428, I would like to open a new discussion thread in
> order bring once more into attention a solution proposal that will
> accomplish the
> following requirement: make possible the coexistence of a web ssl
> certificate and a xml-rpc ssl certificate in sipXconfig
>
> Based on our researches here is the result:
> [...]
>
> We made some tests with some new web certificates and we observed that
> the existence of ssl.crt ssl.key and ssl.p12 files is mandatory in
> {prefix}/etc/sipxpbx/ssl directory. As you pointed out, the
> create-ssl-keystore.sh is creating a keystore (if not already existing)
> and we've looked into it and saw that it adds the certificate
> represented by ssl.crt file to this keystore
> ({prefix}/etc/sipxpbx/ssl/.ssl.keystore).
>
> We could use a specific name for the web certificate ( ssl-web.crt ,
> ssl-web.key, ssl-web.p12 ) and copy it from the
> {prefix}/var/sipxdata/configserver/web-cert directory to the
> {prefix}/etc/sipxpbx/ssl directory. In this way, we will have two
> certificates, one for the xml-rpc named ssl.* as it is now and another
> one for the web named ssl-web.* .
> For this, we will have to modify the create-ssl-keystore.sh file and
> have it importing the web certificate into the keystore only if the
> ssl-web.crt file exist. Otherwise it will import the ssl.crt file into
> the keystore.
>
> Finally for the changes to take effect, we will need to restart the JVM
> and pass to it the changes.
>
> However, we don't know if these changes will affect the xml-rpc side.
> Please share us your thoughts.
What you propose will not affect any of the comm servers use of SSL for
XML-RPC or anything else.
Whether or not it will change the sipXconfig or other java services, I
don't know.
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
