On Fri, Jul 6, 2012 at 4:45 PM, Tony Graziano <[email protected]>wrote:
> (using the last ISO in the sipx-stage area) > > Ok. Question here. Did the install. Seeing the certificate being created > using the domain name, instead of hostname. > > example: > > host name used during creating: pbx > domain/realm/sipdomain: smoke.myitdepartment.net > > resulting certificate being presented upon login should be: > pbx.smoke.myitdepartment.net, but it is smoke.myitdepartment.net. > > As a result cannot login because the basic constraints of the certificate > seem to be invalid: > > normal (I think, 4.4) > > Subject Type=End Entity > Path Length Constraint=None > > 4.6 > > Subject Type=CA (which is probably OK) > Path Length Constraint=0 > > Specifies the maximum allowable path length, the maximum number of CA > certificates that may be chained below (subordinate to) the subordinate CA > certificate being issued. The path length affects the number of CA > certificates used during certificate validation. The chain starts with the > end-entity certificate being validated and moves up. > This parameter has no effect if the extension is set in end-entity > certificates. > The permissible values are 0 or *n*. The value must be less than the path > length specified in the Basic Constraints extension of the CA signing > certificate. > 0 specifies that no subordinate CA certificates are allowed below the > subordinate CA certificate being issued; only an end-entity certificate may > follow in the path. > *n* must be an integer greater than zero. This is the maximum number of > subordinate CA certificates allowed below the subordinate CA certificate > being used. > If the field is blank, the path length defaults to a value determined by > the path length set on the Basic Constraints extension in the issuer's > certificate. If the issuer's path length is unlimited, the path length in > the subordinate CA certificate is also unlimited. If the issuer's path > length is an integer greater than zero, the path length in the subordinate > CA certificate is set to a value one less than the issuer's path length; > for example, if the issuer's path length is 4, the path length in the > subordinate CA certificate is set to 3. > > No matter what browser I use, it complains of a bad signature. Did I miss > something during setup? > > Also, I had to manually edit my IP and set my gateway because no matter > what I did during setup it reverted to DHCP. I am wondering if something > has been inadvertently left off the setup script for CentOS to assign this > manually before the sipx script runs? > > FWIW - To be more easily usable to some of us, it would be nice to include > both nano and wget packages during the ISO install like 4.4 did. > Yes. I think it's my fault https://github.com/dhubler/sipxecs/commit/5581b1d0083f190339b5ad9a656016213fc78d8b <https://github.com/dhubler/sipxecs/commit/5581b1d0083f190339b5ad9a656016213fc78d8b>I'm working on it and I'll put a fix asap Laurentiu
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
