On 23.02.2011 00:05, George Niculae wrote:
> On Wed, Feb 23, 2011 at 12:56 AM, Mircea Carasel <[email protected]> wrote:
>>> Thank you in advance for your help. Attached you will find the generated
>>> certificates and the sniffed traffic on the configured TLS port. Maybe there
>>> is a simple but effective mistake.
>> Lars,
>>
>> Thank you for the certificates archive
>>
>> We are using the "openssl verify" command to check if a certificate is OK or not
>> before importing it
>> I found two certificates there
>> servercert.pem is not valid
>> but cacert.pem looks valid but still has a problem
>> Here are my results:
>>
>> [mirceac@decebal lars]$ openssl verify servercert.pem
>> servercert.pem: C = DE, ST = NDS, O = Teamprojekt, CN =
>> sipx.teamprojekt.local, emailAddress = [email protected]
>> error 20 at 0 depth lookup:unable to get local issuer certificate
>>
>> [mirceac@decebal lars]$ openssl verify cacert.pem
>> cacert.pem: C = DE, ST = NDS, L = Wolfenbuettel, O = Teamprojekt, CN =
>> sipx.teamprojekt.local, emailAddress = [email protected]
>> error 18 at 0 depth lookup:self signed certificate
>> OK
> Looks like your cert needs to be signed by a CA...
>
> George

Maybe I misunderstood something in the way self-signed certificates are created. The certificates from the archive were made with the following commands:

My own CA:
openssl req -new -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 3650

The key file for the server:
openssl genrsa -out serverkey.pem -aes128 1024 -days 3650

Removing the pass phrase:
openssl rsa -in serverkey.pem -out serverkey.pem

Certificate signing request for the server:
openssl req -new -key serverkey.pem -out req.pem -nodes

Signing the CSR:
openssl ca -in req.pem -notext -out servercert.pem

I would be very grateful if somebody could help me find my error in reasoning.

Regards

-- 
-----------------------------------------------
Lars Schiller
IANT- APPLIED NGN-TECHNOLOGIES
Turnkey VoIP solutions and more...
IANT GmbH
Salzdahlumer Straße 46/48
D-38302 Wolfenbüttel
Phone: +49/(0)5331/ 900989-450
Fax: +49/(0)5331/ 900989-499
Internet: www.iant.de
VAT ID: DE264352710
HRB 201710, Amtsgericht Braunschweig
Managing Directors: Prof. Dr.-Ing. Diederich Wermser, Dipl.-Ing. Jan Schumacher
IANT is Member of GROUPLINK www.grouplink.de
-----------------------------------------------
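The two `openssl verify` results quoted in this thread, reproduced with a throwaway CA. This is an added example, not part of the original messages: it signs with `openssl x509 -req` instead of the `openssl ca` command above, and the subject names, lifetimes and 2048-bit keys are constructed. It shows error 20 when no CA is given, no error once `-CAfile cacert.pem` names the issuer, and error 18 for the self-signed CA certificate on its own.

```shell
#!/bin/sh
# Added example, not from the thread. Subjects, lifetimes and the 2048-bit key
# size are constructed values; file names follow the ones used in the thread.

make_chain() {   # $1 = working directory
    # Self-signed CA certificate plus key (unencrypted, throwaway test key).
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example/CN=Example Test CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null || return 1
    # Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=sipx.example.test" \
        -keyout "$1/serverkey.pem" -out "$1/req.pem" 2>/dev/null || return 1
    # Sign the CSR with the CA key. "x509 -req" is used in place of
    # "openssl ca" so no CA database directory has to exist.
    openssl x509 -req -in "$1/req.pem" -days 30 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/servercert.pem" 2>/dev/null
}

verify_error() {   # arguments are passed straight to "openssl verify"
    # Print the first "error N" code openssl reports, or 0 when there is none.
    out=$(openssl verify "$@" 2>&1) || true
    code=$(printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    echo "${code:-0}"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_chain "$dir" || { rm -rf "$dir"; return 1; }
    echo "server cert, no CA given:  error $(verify_error "$dir/servercert.pem")"
    echo "server cert, with -CAfile: error $(verify_error -CAfile "$dir/cacert.pem" "$dir/servercert.pem")"
    echo "CA cert on its own:        error $(verify_error "$dir/cacert.pem")"
    rm -rf "$dir"
}
demo
```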
