M. Ranganathan wrote:
> sipxconfig supplies an argument for the web cert when that is
> installed. It should not have any effect on the keystore.
>
> My question is does generate-ssl-keys.sh and install-ssl-keys.sh get
> called when you install the secondary server? I don't know because I
> did not write that script.
>
> Perhaps Arjun can put some tracing into it and try doing an HA
> install to see if it gets called for HA install and what the arguments
> are.
>

No, gen-ssl-keys.sh and install-cert.sh do not get called on the secondary server (I have deleted both these files from my secondary).

Furthermore, the md5sum remains unchanged from the certs that are generated by the primary server (by ./libexec/sipXecs/initial-config, to be used in the secondary) and the certs being used in the secondary server.

Here are the two certificates the secondary server uses --

bcmdesk6122.ca.nortel.com

1
    Subject  [email protected], CN=bcmdesk6122.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    Issuer   [email protected], CN=ca.bcmsl2167.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    sha1     7d f3 ad 0e fe 02 64 63 83 f2 48 8a 35 d1 04 ea ec 5a b3 ad
    md5      95 67 ad 3f 19 01 1f 65 d9 e8 8e 30 7c 3b 9f da

2
    Subject  [email protected], CN=ca.bcmsl2167.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    Issuer   [email protected], CN=ca.bcmsl2167.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    sha1     ca 67 6a 8f 29 1e 05 59 80 0d 5a db f2 55 33 41 13 9c bb 76
    md5      27 73 1c 52 dc 9c 83 46 57 c5 ff 60 cd 3d 39 75

And here are the two certs the primary uses --

bcmsl2167.ca.nortel.com

1
    Subject  [email protected], CN=bcmsl2167.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    Issuer   [email protected], CN=ca.bcmsl2167.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    sha1     c8 50 f0 31 71 1c 9f 5e f2 af eb c6 04 5c 01 b1 e6 f1 b6 1d
    md5      45 50 d8 67 f3 f8 fc a7 57 46 c9 18 c2 08 31 07

2
    Subject  [email protected], CN=ca.bcmsl2167.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    Issuer   [email protected], CN=ca.bcmsl2167.ca.nortel.com, OU=sipXecs, O=ca.nortel.com, L=AnyTown, ST=AnyState, C=US
    sha1     ca 67 6a 8f 29 1e 05 59 80 0d 5a db f2 55 33 41 13 9c bb 76
    md5      27 73 1c 52 dc 9c 83 46 57 c5 ff 60 cd 3d 39 75

So, I am not sure why the keystore does not trust the certs from the secondary, until you explicitly add it to the keystore.

Arjun
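
The comparison made in the message above (same CA fingerprint on both hosts, each host certificate issued by that CA) can be checked mechanically rather than by eye. The following is an added example, not part of the message or of the sipXecs scripts; it uses only standard openssl commands, and every file name and subject name in it is constructed. It also covers the case a name comparison misses: a second CA that carries the same subject name but a different key.

```shell
#!/bin/sh
# Added example; every file name and subject name here is constructed.

# SHA-1 fingerprint of a PEM certificate (hex with colons).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2
}

# True if both files hold the same certificate.
same_cert() {
    [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]
}

# True only if LEAF's signature verifies under CA: chain_ok CA.pem LEAF.pem
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Throwaway self-signed CA in DIR: make_ca DIR CN
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Host certificate signed by the CA in DIR: make_leaf DIR CN
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

# Demo: one CA issues both host certs; a second CA reuses the same name.
demo() {
    a=$(mktemp -d) && b=$(mktemp -d) || return 1
    make_ca "$a" ca.primary.example && make_ca "$b" ca.primary.example &&
    make_leaf "$a" primary.example && make_leaf "$a" secondary.example || return 1
    for host in primary secondary; do
        chain_ok "$a/ca.crt" "$a/$host.example.crt" && echo "$host: chains to CA"
    done
    same_cert "$a/ca.crt" "$b/ca.crt" || echo "same CA name, different CA cert"
    chain_ok "$b/ca.crt" "$a/secondary.example.crt" || echo "look-alike CA rejected"
    rm -rf "$a" "$b"
}
demo
```

On the Java side, `keytool -list -v -keystore <path>` prints the fingerprints of the entries the keystore actually holds, which can be compared against the `cert_fp` output for the CA certificate.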
