> > Google cert is signed by a "real" CA. So basically what's going on here - > google tells us "Hey, I am Google, you can check with important CA if you > don't believe". And sipXconfig says "I do not see your important CA in my > cert chain, I only trust bogus CA that we generated during install". > > One way of fixing this would be adding couple of well known CAs to our > truststore. (Specifically adding the one that google is using.) Aparently > it's already in default java trust store since everything works if you run > your code outside of sipXconfig (to test my theory you can just remove > truststore param - sipXconfig will use default, replication will fail but > you'll be able to import addresses) >
TIP: I think I found a way (using keytool JDK tool) that easily copies a CA from JDK cacerts file into a different one: keytool -keystore /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/security/cacerts -export -alias verisignserverca > /tmp/verisign.cacert Mircea > > D. > > > _______________________________________________ > sipx-dev mailing list [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-dev > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev > sipXecs IP PBX -- http://www.sipfoundry.org/ >
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
