On Fri, Jul 6, 2012 at 4:52 PM, Laurentiu Ceausescu <[email protected]>wrote:
> On Fri, Jul 6, 2012 at 4:45 PM, Tony Graziano < > [email protected]> wrote: > >> (using the last ISO in the sipx-stage area) >> >> Ok. Question here. Did the install. Seeing the certificate being created >> using the domain name, instead of hostname. >> >> example: >> >> host name used during creating: pbx >> domain/realm/sipdomain: smoke.myitdepartment.net >> >> resulting certificate being presented upon login should be: >> pbx.smoke.myitdepartment.net, but it is smoke.myitdepartment.net. >> >> As a result cannot login because the basic constraints of the certificate >> seem to be invalid: >> >> normal (I think, 4.4) >> >> Subject Type=End Entity >> Path Length Constraint=None >> >> 4.6 >> >> Subject Type=CA (which is probably OK) >> Path Length Constraint=0 >> >> Specifies the maximum allowable path length, the maximum number of CA >> certificates that may be chained below (subordinate to) the subordinate CA >> certificate being issued. The path length affects the number of CA >> certificates used during certificate validation. The chain starts with the >> end-entity certificate being validated and moves up. >> This parameter has no effect if the extension is set in end-entity >> certificates. >> The permissible values are 0 or *n*. The value must be less than the >> path length specified in the Basic Constraints extension of the CA signing >> certificate. >> 0 specifies that no subordinate CA certificates are allowed below the >> subordinate CA certificate being issued; only an end-entity certificate may >> follow in the path. >> *n* must be an integer greater than zero. This is the maximum number of >> subordinate CA certificates allowed below the subordinate CA certificate >> being used. >> If the field is blank, the path length defaults to a value determined by >> the path length set on the Basic Constraints extension in the issuer's >> certificate. If the issuer's path length is unlimited, the path length in >> the subordinate CA certificate is also unlimited. If the issuer's path >> length is an integer greater than zero, the path length in the subordinate >> CA certificate is set to a value one less than the issuer's path length; >> for example, if the issuer's path length is 4, the path length in the >> subordinate CA certificate is set to 3. >> >> No matter what browser I use, it complains of a bad signature. Did I miss >> something during setup? >> >> Also, I had to manually edit my IP and set my gateway because no matter >> what I did during setup it reverted to DHCP. I am wondering if something >> has been inadvertently left off the setup script for CentOS to assign this >> manually before the sipx script runs? >> >> FWIW - To be more easily usable to some of us, it would be nice to >> include both nano and wget packages during the ISO install like 4.4 did. >> > > > Yes. I think it's my fault > > https://github.com/dhubler/sipxecs/commit/5581b1d0083f190339b5ad9a656016213fc78d8b > > > <https://github.com/dhubler/sipxecs/commit/5581b1d0083f190339b5ad9a656016213fc78d8b>I'm > working on it and I'll put a fix asap > Laurentiu > I've reverted this commit and a new RPM will be available soon
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
