On Fri, Nov 20, 2009 at 2:23 PM, Scott Lawrence <[email protected]>wrote:
> On Fri, 2009-11-20 at 02:08 +0200, Mircea Mihai Carasel wrote: > > > > UI proposal: Please take a look at attached screenshots: > > http://track.sipfoundry.org/browse/XX-6850 > > ..and share your comments :) > > Raymond is (or will shortly be) working on a java framework for using > the pem format keys used by the C++, eliminating the use of java > keystore and trustore completely. > > http://track.sipfoundry.org/browse/XX-7058 > > That won't remove the need to load new trusted certificate roots, but we > certainly don't want to use the term 'truststore': use 'Trusted CA > Certificate'. > > We don't need a password field - certificates won't have passwords on > them. > > I suggest calling this the Certificate Authorities page. > > It should be able to list all CAs, including the internally generated > one. It should be possible to remove any but that internally generated > one (making this take effect will require restarting any services that > use it, since the libraries cache these things). > > It should also be possible to display the contents of the certs - > execute: > > $SIPX_BINDIR/ssl-cert/gen-ssl-keys.sh --show-cert <file> > > to generate a simple text display. > > When a new certificate is uploaded, the screen should: > > 1. Validate it (I can do a quick change to an existing script to > make this easy) > 2. Display it for the user to get confirmation that this is what > they meant to upload > 3. Copy it into the $SIPX_CONFDIR/ssl/authorities directory > 4. Execute $SIPX_BINDIR/ssl-cert/ca_rehash > > Hi, I followed Scott's guidance from above and I successfully implemented all requirements. Please see new attached screen-shots: http://track.sipfoundry.org/browse/XX-6850 There is only one problem left: Adding the new imported certificate to authorities.jks truststore. I don't know if this requirement makes the subject of this issue - is this requirement going to be handled by Raymond ?: http://track.sipfoundry.org/browse/XX-7058 I read the discussion regarding XX-7058 initiated by Raymond and I have the feeling that this requirement is going to be handled by his issue. If this is not the case, please let me know if there is a way ( a script execution for instance) to add the newly imported certificate to authorities.jks. I studied gen-ssl-keys.sh, install-cert.sh, upgrade-cert.sh scripts and I couldn't find a way to add the imported cert to sipXecs's truststore authorities.jks. If script execution cannot be used here, I can easily write some java code to add the certificate in authorities.jks Thanks, Mircea
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
