> -----Original Message----- > From: M. Ranganathan [mailto:[email protected]] > Sent: Monday, April 20, 2009 11:00 AM > To: Saint, David (CAR:9D60) > Cc: Dans, Raymond (CAR:9D30); Lawrence, Scott (BL60:9D30); > Ranganathan, Mudumbai (CONST:9D30); [email protected] > Subject: Re: [sipX-dev] Problem with HA secondary server SSL > > On Mon, Apr 20, 2009 at 10:46 AM, David Saint > <[email protected]> wrote: > >> -----Original Message----- > >> From: Dans, Raymond (CAR:9D30) > >> Sent: Saturday, April 18, 2009 5:18 PM > >> To: Lawrence, Scott (BL60:9D30); Saint, David (CAR:9D60) > >> Cc: Ranganathan, Mudumbai (CONST:9D30); > [email protected] > >> Subject: RE: [sipX-dev] Problem with HA secondary server SSL > >> > >> Scott wrote: > >> > >> >To: Saint, David (CAR:9D60) > >> >Cc: Ranganathan, Mudumbai (CONST:9D30); > [email protected] > >> >Subject: Re: [sipX-dev] Problem with HA secondary server SSL > >> > > >> >On Fri, 2009-04-17 at 16:41 -0400, David Saint wrote: > >> >> > -----Original Message----- > >> >> > From: Nair, Arjun (CAR:9D30) > >> >> > Sent: Friday, April 17, 2009 2:45 PM > >> >> > To: Saint, David (CAR:9D60) > >> >> > Cc: [email protected] > >> >> > Subject: Re: [sipX-dev] Problem with HA secondary server SSL > >> >> > > >> >> > David Saint wrote: > >> >> > > Sorry, my previous post didn't display properly. > >> >> > > > >> >> > > I finally got my HA system to work (after several tries) > >> >> > by running: > >> >> > > java InstallCert <secondary server> on the primary > >> server's > >> >> > > directory /etc/sipxpbx/ssl, then regenerating the secondary > >> >> > server's > >> >> > > profile. > >> >> > > Now I can control the secondary server's services from > >> >sipXconfig! > >> >> > > > >> >> > > > >> >> > > >> >> > I believe Ranga fixed this issue in rev.15179 > >> >> > > >> >> > Arjun > >> >> > > >> >> > >> >> Upgraded to rev15207, found the new load better in some > >> ways but one > >> >> new > >> >> problem: > >> >> In /usr/libexec/sipXecs/initial-config had to change: > >> >> /usr/bin/ssl-cert/gen-ssl-keys.sh > >> >> /usr/bin/ssl-cert/install-cert.sh > >> >> to: > >> >> sudo /usr/bin/ssl-cert/gen-ssl-keys.sh > >> >> sudo /usr/bin/ssl-cert/install-cert.sh to get the > >> secondary server > >> >> to complete sipxecs-setup (using RPMs). > >> > > >> >That's not the right fix - Raymond and I discussed this and > >> he's got a > >> >different fix queued up. > >> > > >> I'm not sure this is the same issue. The fix that I > provided is on > >> an upgrade scenario. I don't believe that David is actually > >> upgrading via RPMs (but then again maybe I'm wrong - > that's what my > >> wife tells me anyways :) ) > >> > > > > I think the problem was due to the file permissions for: > > /var/sipxdata/certdb/<secondary server>.der being set to root:root > > rather than sipxchange:sipxchange Perhaps whatever is > creating the DER > > file didn't set the permissions properly? > > It is quite possible. I never did anything with the > permission when it was generated. Please change the > permission as needed. Thanks > > Ranga >
I upgraded to main stream rev15235, removed /var/sipxdata/certdb and tried again. This time the *.der files appeared with the proper permissions and everything worked OK, so it looks like there's no issue now. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
