Carolyn Beeton wrote:
>
> As we start to work on TLS between systems (sipXbridge and sipXproxy),
> we need to share certificates between these systems. I assume it is
> somewhat similar to the HA setup, but not identical. Has anyone done
> it? I have a general idea that certs need to be generated on one box,
> and copied to and installed on the other, but I am not sure which ones.
> Is there a way to test on a developer system without a real CA? I think
> there is an issue for installing certs through sipXconfig, but I am
> looking for a more immediate command line equivalent.
>
Installing certs through the sipXconfig UI will not help here, since the UI is used to install the web site cert only (used when your browser is trying to identify the sipXconfig web portal).

Incidentally, I do think that there is an issue (or at least a significant change) with how CAs in etc/sipxpbx/ssl/authorities are treated in 3.x and 4.x. In 3.x, adding a new CA was as simple as dropping a new certificate in that directory and restarting sipXconfig (which automatically re-generated the truststore). Since, starting from 4.x, sipXconfig is not the only service that is using the truststore, Ranga moved the generation to separate scripts.

Unfortunately, it looks like automatic generation of the truststore does not work any more. Or maybe I just didn't find the correct incantation to trigger it. I ended up adding the certs I needed to the truststore manually. See my comment for XX-6247 to see a command line example: http://tinyurl.com/ybcywd6

D.
