On 10.02.2011 15:31, Mircea Carasel wrote:
> On Thu, Feb 10, 2011 at 4:02 PM, Lars Schiller <[email protected]> wrote:
>> Hi,
>> using sipx 4.4.0 I am trying to import data via LDAP with TLS.
>> OpenLDAP and sipx are on the same server. It works as long as I do
>> not use TLS. With an LDAP browser like JXplorer even TLS works.
>> I sniffed the network traffic on the loopback interface with
>> Wireshark. There is a TLS Alert, Certificate Unknown. I made the
>> certificates myself for testing purposes. Do I need to import
>> them? If so, it does not work. I get the message „Unable to
>> validate certificate“. Is anything wrong with the certificates?
>
> In order to import a certificate you have to use:
> System/Certificates/Certificate Authority.
> During import there is a script that validates the certificate and it
> accepts only certificates with a .pem or .crt extension.
> More than this, DER (binary) certificates are not accepted. You have
> to use a PEM certificate.
> If you have a DER one you can use this to transform it into a PEM certificate:

Well, that is exactly what I am doing. Maybe I made mistakes before as I
am not used to TLS. I made server certificates with my own CA using
openssl. Here are the commands I used in shortened form:
openssl req -new -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 3650
openssl genrsa -out serverkey.pem -aes128 1024 -days 3650
openssl rsa -in serverkey.pem -out serverkey.pem
openssl req -new -key serverkey.pem -out req.pem -nodes
openssl ca -in req.pem -notext -out servercert.pem
So all certificates have the .pem extension. Using the import function under
System/Certificates/Certificate Authority I get a message that the
certificate is not valid.
Regards,
Lars
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
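
The two import criteria stated in the reply above (a .pem or .crt extension, and PEM rather than DER encoding) can be checked before uploading a file. This is an added example, not part of the original thread and not sipXecs's own validation script; the function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import binascii
import os
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
ALLOWED_EXT = {".pem", ".crt"}  # the extensions named in the thread


def classify(data: bytes) -> str:
    """Return 'pem', 'der' or 'unknown' for raw certificate file contents."""
    m = PEM_BLOCK.search(data)
    if m:
        try:
            body = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except binascii.Error:
            return "unknown"
        return "pem" if body[:1] == b"\x30" else "unknown"
    # A DER certificate is a bare ASN.1 SEQUENCE, so its first byte is 0x30.
    return "der" if data[:1] == b"\x30" else "unknown"


def preflight(filename: str, data: bytes) -> list:
    """List the reasons a file fails the two criteria stated in the thread."""
    problems = []
    # Assumption: extension compared case-insensitively.
    if os.path.splitext(filename)[1].lower() not in ALLOWED_EXT:
        problems.append("extension is not .pem or .crt")
    kind = classify(data)
    if kind == "der":
        problems.append("DER (binary) encoding, convert to PEM first")
    elif kind == "unknown":
        problems.append("no parsable certificate block found")
    return problems


def to_pem(data: bytes) -> bytes:
    """Return PEM bytes: re-encode DER input, pass PEM through unchanged."""
    kind = classify(data)
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data).encode("ascii")
    if kind == "pem":
        return data
    raise ValueError("not a certificate in PEM or DER form")


# Constructed stand-in for DER bytes (SEQUENCE header + filler), not a real cert.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"\x00" * 10
```

An empty list from `preflight` only means the file meets the encoding and extension criteria; it does not check the certificate's contents, signature or validity period.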