On Fri, 2008-08-22 at 10:01 +0300, Mircea Carasel wrote:
>
> > > [...]
> > > We could use a specific name for the web certificate ( ssl-web.crt ,
> > > ssl-web.key, ssl-web.p12 ) and copy it from the
> > > {prefix}/var/sipxdata/configserver/web-cert directory to the
> > > {prefix}/etc/sipxpbx/ssl directory. In this way, we will have two
> > > certificates, one for the xml-rpc named ssl.* as it is now and another
> > > one for the web named ssl-web.* .
> > > For this, we will have to modify the create-ssl-keystore.sh file and
> > > have it importing the web certificate into the keystore only if the
> > > ssl-web.crt file exist. Otherwise it will import the ssl.crt file into
> > > the keystore.
> > >
> > > Finally for the changes to take effect, we will need to restart the JVM
> > > and pass to it the changes.
> > >
> >
> > What you propose will not affect any of the comm servers use of SSL for
> > XML-RPC or anything else.
> >
> > Whether or not it will change the sipXconfig or other java services, I
> > don't know.
> >
> >
> Thanks Scott.
> I am proposing to finish the XCF-2428 patch having this solution
> implemented (since there is the only one we have :) ).
> People can apply/test the solution to see how it works.
> What do you think ?
I think that you should test whether or not replication of configuration
files and imdb data works after the web cert has been changed... if it
does, then you're ok.
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
