Mircea Mihai Carasel wrote: > > I followed Scott's guidance from above and I successfully > implemented all requirements. Please see new attached screen-shots: > http://track.sipfoundry.org/browse/XX-6850 > > There is only one problem left: > Adding the new imported certificate to authorities.jks truststore. > I don't know if this requirement makes the subject of this issue - > is this requirement going to be handled by Raymond ?: > > http://track.sipfoundry.org/browse/XX-7058 > > I read the discussion regarding XX-7058 initiated by Raymond and I > have the feeling that this requirement is going to be handled by his > issue. > If this is not the case, please let me know if there is a way ( a > script execution for instance) to add the newly imported certificate > to authorities.jks. > I studied gen-ssl-keys.sh, install-cert.sh, upgrade-cert.sh scripts > and I couldn't find a way to add the imported cert to sipXecs's > truststore authorities.jks. > > If script execution cannot be used here, I can easily write some > java code to add the certificate in authorities.jks > > > I commited the code. > All steps suggested by Scott are implemented, and everything works well > . > Observation: I tested hash script with .crt and .pem certificates and > works fine, the hash link is generated. > When I removed the certificate extension, or I changed in something > else, that do not belong to accepted certificate extensions list, the > hash link is not generated but the certificate is reported as valid > > Please have a look and let me know if there is anything else needed > NOTE: I didn't add the newly imported certificate to sipXecs's > truststore: authorities.jks. >
I noticed you marked this XX-6850 as fixed. I don't think you can since the issue is "known CAs needed in sipxconfig truststore" and although you added quite a chunk of functionality here, we still do not have CA in the truststore that would allow sipXconfig to communicate with GMail servers. (If I am mistaken here, you can ignore the rest of this e-mail) If there is some other work that's in progress (and will be completed before 4.2 is out) please crossreference it with XX-6247. If not, let's reopen XX-6850. Let me reiterate: from sipXconfig perspective the *only* thing that we need for 4.2 release is a single extra CA is authorities.jks - any other work like XX-7058 or UI for uploading CAs is _nice to have_ and does not need to happen for this release (unless some other - non sipXconfig - functionality requires it). Damian _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
