On Mon, Dec 7, 2009 at 6:26 PM, Damian Krzeminski <[email protected]>wrote:
> Mircea Mihai Carasel wrote: > > > > I followed Scott's guidance from above and I successfully > > implemented all requirements. Please see new attached screen-shots: > > http://track.sipfoundry.org/browse/XX-6850 > > > > There is only one problem left: > > Adding the new imported certificate to authorities.jks truststore. > > I don't know if this requirement makes the subject of this issue - > > is this requirement going to be handled by Raymond ?: > > > > http://track.sipfoundry.org/browse/XX-7058 > > > > I read the discussion regarding XX-7058 initiated by Raymond and I > > have the feeling that this requirement is going to be handled by his > > issue. > > If this is not the case, please let me know if there is a way ( a > > script execution for instance) to add the newly imported certificate > > to authorities.jks. > > I studied gen-ssl-keys.sh, install-cert.sh, upgrade-cert.sh scripts > > and I couldn't find a way to add the imported cert to sipXecs's > > truststore authorities.jks. > > > > If script execution cannot be used here, I can easily write some > > java code to add the certificate in authorities.jks > > > > > > I commited the code. > > All steps suggested by Scott are implemented, and everything works well > > . > > Observation: I tested hash script with .crt and .pem certificates and > > works fine, the hash link is generated. > > When I removed the certificate extension, or I changed in something > > else, that do not belong to accepted certificate extensions list, the > > hash link is not generated but the certificate is reported as valid > > > > Please have a look and let me know if there is anything else needed > > NOTE: I didn't add the newly imported certificate to sipXecs's > > truststore: authorities.jks. > > > > I noticed you marked this XX-6850 as fixed. I don't think you can since the > issue is "known CAs needed in sipxconfig truststore" and although you added > quite a chunk of functionality here, we still do not have CA in the > truststore that would allow sipXconfig to communicate with GMail servers. > (If I am mistaken here, you can ignore the rest of this e-mail) > > If there is some other work that's in progress (and will be completed > before 4.2 is out) please crossreference it with XX-6247. If not, let's > reopen XX-6850. > I had the feeling that the newly imported certificates will be automatically added to sipxconfig truststore somehow after XX-7058 is ready and sipXconfig will not need to do anything on this matter. I will be very glad to implement also this functionality. I can easily add a button below the certificates table that will add selected newly imported certificates into sipXconfig truststore. If you have any other idea how to add newly imported certificates to sipXconfig truststore please let me know. I will reopen XX-6850 and implement this functionality Thanks, Mircea > > Let me reiterate: from sipXconfig perspective the *only* thing that we need > for 4.2 release is a single extra CA is authorities.jks - any other work > like XX-7058 or UI for uploading CAs is _nice to have_ and does not need to > happen for this release (unless some other - non sipXconfig - functionality > requires it). > > Damian > > _______________________________________________ > sipx-dev mailing list [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-dev > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev > sipXecs IP PBX -- http://www.sipfoundry.org/ >
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
