On Fri, Jul 6, 2012 at 4:45 PM, Tony Graziano <[email protected]> wrote:
> (using the last ISO in the sipx-stage area) > > Ok. Question here. Did the install. Seeing the certificate being created > using the domain name, instead of hostname. > > example: > > host name used during creating: pbx > domain/realm/sipdomain: smoke.myitdepartment.net > > resulting certificate being presented upon login should be: > pbx.smoke.myitdepartment.net, but it is smoke.myitdepartment.net. > > As a result cannot login because the basic constraints of the certificate > seem to be invalid: > > normal (I think, 4.4) > > Subject Type=End Entity > Path Length Constraint=None > > 4.6 > > Subject Type=CA (which is probably OK) > Path Length Constraint=0 > Now all the certificate are same like in the 4.4: - for crt cert: Subject Type=End Entity Path Length Constraint=None - for ssl.keystore and ssl-web.keystore #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ] Do you think that's ok or not? Laurentiu > > Specifies the maximum allowable path length, the maximum number of CA > certificates > that may be chained below (subordinate to) the subordinate CA certificate > being issued. The path length affects the number of CA certificates used > during certificate validation. The chain starts with the end-entity > certificate being validated and moves up. > This parameter has no effect if the extension is set in end-entity > certificates. > The permissible values are 0 or *n*. The value must be less than the path > length specified in the Basic Constraints extension of the CA signing > certificate. > 0 specifies that no subordinate CA certificates are allowed below the > subordinate CA certificate being issued; only an end-entity certificate > may follow in the path. > *n* must be an integer greater than zero. This is the maximum number of > subordinate CA certificates allowed below the subordinate CAcertificate > being used. > If the field is blank, the path length defaults to a value determined by > the path length set on the Basic Constraints extension in the issuer's > certificate. If the issuer's path length is unlimited, the path length in > the subordinate CA certificate is also unlimited. If the issuer's path > length isan integer greater than zero, the path length in the subordinate > CA certificate is set to a value one less than the issuer's path length; > for example, if the issuer's path length is 4, the path length in the > subordinate CA certificate is set to 3. > > No matter what browser I use, it complains of a bad signature. Did I miss > something during setup? > > Also, I had to manually edit my IP and set my gateway because no matter > what I did during setup it reverted to DHCP. I am wondering if something > has been inadvertently left off the setup script for CentOS to assign this > manually before the sipx script runs? > > FWIW - To be more easily usable to some of us, it would be nice to include > both nano and wget packages during the ISO install like 4.4 did. >
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
