George Niculae wrote: [...] >>> >> Google cert is signed by a "real" CA. So basically what's going on >> here - google tells us "Hey, I am Google, you can check with important >> CA if you don't believe". And sipXconfig says "I do not see your >> important CA in my cert chain, I only trust bogus CA that we generated >> during install". >> >> One way of fixing this would be adding couple of well known CAs to our >> truststore. (Specifically adding the one that google is using.) >> Aparently it's already in default java trust store since everything >> works if you run your code outside of sipXconfig (to test my theory >> you can just remove truststore param - sipXconfig will use default, >> replication will fail but you'll be able to import addresses) > > Scott, Damian, thanks for the hints! > > It worked as Damian suggested - I removed the truststore param and > successfully imported the gmail contacts fine. However, I am wondering > how this will work in the real life (as suggested, adding google CA to > our trustore would be an option). Should I file an issue for this and > set it as a dependency to the one I am working on? >
Yes. Let's add a separate issue on it. I would think that the proper thing to do is to add the default truststore content to the truststore used by sipXconfig (and other java application). Alternatively we can just distribute several well known CA certs and manage this independently of JVM defaults. Opinions? D. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
