Hello,
After installing sipx, I setup SSL Certificates using sipx-setup. This
places a key and certificate in etc/sipxpbx/ssl i.e. ssl.crt ssl.key
ssl.p12
There is also a CA certificate which is placed in etc/sipxpbx/ssl/authorities
I want to then install a new web certificate.
After doing that, following the necessary procedures as outlined in
XCF-3248, I find two new files : ssl-web.crt ssl-web.key in
etc/sipxpbx/ssl
No CA crt was added to authorities because, presumably only the web
browser needs to know about the public key certificate of the
certificate authority.
I directly install the CA in the web browser and I am able to log in
to sipx but I cannot communicate using XML RPC any longer.
Looking at the XML RPC logs, I suspect that the public key certificate
generated for the for the web browser ( i.e. ssl-web.crt ) is being
used for the SSL handshake.
For example, I see the following error :
org.sipfoundry.sipxbridge.xmlrpc.SipXbridgeClientException:
org.apache.xmlrpc.XmlRpcException: Failed to read servers response:
sun.security.validator.ValidatorException: No trusted certificate
found
at
org.sipfoundry.sipxbridge.xmlrpc.SipXbridgeXmlRpcClient.exit(SipXbridgeXmlRpcClient.java:144)
at org.sipfoundry.sipxbridge.Gateway.main(Gateway.java:1219)
And in the absence of a CA for that certificate (it is only installed
in the web browser), I get the error above. This is of course not what
I want. I want the server to continue to use ssl.crt for xml rpc but
ssl-web.crt for the web browser.
How can I arrange that?
Ranga
--
M. Ranganathan
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
