On Wed, 2009-12-09 at 15:13 -0500, Raymond Dans wrote: > In dabbling around the new Certificate Authority importing capability, I > came across what I may believe to be an issue. > > I obtained a certificate for the Google Internet Authority and tried to > import it into my system so that it could be included as a trusted > authority. > > The importing of this certificate failed. Upon closer investigation, I > noticed that when sipXconfig checks the certificate (using the > check-cert.sh script), it doesn't provide any parameters as to what to > check. The default in the script is to check the certificate for being > valid as a Client Certficate and Server Certificate rather than just > checking the Certificate Authority (done using the > --certificate-authority flag). > > Should the checking of this certificate on import only be for the > Certificate Authority and does it need to check it for use as an SSL > Client and/or SSL Server certificate?
It should check to see that it is a certificate authority certificate (pass --certificate-authority), which deliberately does not check to see if it is also valid as a client or server cert. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
