Scott wrote: ... > > Is [XX-6905] the same requirement as Scott's "B." in > > http://track.sipfoundry.org/browse/XX-7249 ? > > Not quite, but they are related. > > The current interface for generating a web certificate does > two things: > > 1. Generates a public/private key pair > 2. Creates a CSR (an unsigned public key) containing the full > hostname of the system. > > the user is then expected to take the CSR to a CA to be > signed, which is what produces a certificate (a certificate > is essentially just a public key with metadata and a signature). > > XX-6905 says that we should allow the creation of a CSR that > uses some alias for the hostname: the systems real fqdn might > be 'ds12r5s7.example.com' (because that's the corporate > standard form my hostnames must have - identifying the > datacenter, rack, and shelf), but I want my users to log in > using 'voicemail.example.com', or 'sipxecs.example.com'.
Regarding the UI for XX-6905, it sounds like "Server Name" on the "Generate CSR" screen should actually be a drop-down containing the system Domain Names, as well as all Domain Aliases? You then choose which one you want to generate the CSR for. > XX-7249... > It should be > possible to import the combination of a private key and a > certificate, even though sipXconfig was not used to generate > either (and that certificate may well not use the fqdn of the > system - hence the relationship between the issues). And let me guess, the private key is sometimes delivered as a file, and sometimes as text? It will be a challenge to construct a simple single screen which allows the private key to be optional, but both to be uploaded as either file or text. > As for checking certificates - in both cases, the check-cert.sh script > should be invoked to do any checking. Looking at the code, I think we are not running check-cert.sh on Certificates, but only on Certificate Authorities. Thanks for the clarification. -Paul [email protected] _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
