On Fri, 2009-11-20 at 02:08 +0200, Mircea Mihai Carasel wrote:
> UI proposal: Please take a look at attached screenshots: > http://track.sipfoundry.org/browse/XX-6850 > ..and share your comments :) Raymond is (or will shortly be) working on a java framework for using the pem format keys used by the C++, eliminating the use of java keystore and trustore completely. http://track.sipfoundry.org/browse/XX-7058 That won't remove the need to load new trusted certificate roots, but we certainly don't want to use the term 'truststore': use 'Trusted CA Certificate'. We don't need a password field - certificates won't have passwords on them. I suggest calling this the Certificate Authorities page. It should be able to list all CAs, including the internally generated one. It should be possible to remove any but that internally generated one (making this take effect will require restarting any services that use it, since the libraries cache these things). It should also be possible to display the contents of the certs - execute: $SIPX_BINDIR/ssl-cert/gen-ssl-keys.sh --show-cert <file> to generate a simple text display. When a new certificate is uploaded, the screen should: 1. Validate it (I can do a quick change to an existing script to make this easy) 2. Display it for the user to get confirmation that this is what they meant to upload 3. Copy it into the $SIPX_CONFDIR/ssl/authorities directory 4. Execute $SIPX_BINDIR/ssl-cert/ca_rehash _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
