On Tue, 2009-12-01 at 08:22 -0800, jnolen wrote: > Scott, > > Well, progress of sorts -- the certificate generation is failing -- see > below: > > Need guidance on how to fix this. I did regenerate the master > certificate after I first encountered this problem.
Ah... you never said that... > Generating X.509 certificate signing request for > 'hyipt2.hyoung.voice' > ______________________________________________________________________ > > Generating X.509 certificate signed by ca.hyipt1.hyoung.voice > Signature ok > subject=/C=KE/ST=NBI/L=NAIROBI/O=H Young & Co (E.A) Ltd/OU=VoIP > Services/CN=hyipt2.hyoung.voice/[email protected] > Getting CA Private Key > CA certificate and CA private key do not match > 11380:error:0B080074:x509 certificate > routines:X509_check_private_key:key values mismatch:x509_cmp.c:392: > gen-ssl-keys.sh:Error: Failed to generate X.509 certificate Ok... so let's see if this can be recovered short of reconstructing your master certs from the beginning... First, delete /etc/sipxpbx/ssl/authorities/ca.hyipttest.* Check the file /etc/sipxpbx/ssl/authorities/SSL_DEFAULTS for the 'caName' line; make sure that it is: caName="ca.hyipt1.hyoung.voice" and retry creating the tar file as before. If that doesn't work, then I think the only solution is to start from scratch on your certificates: 1. stop all sipXecs services 2. delete all files in /etc/sipxpbx/ssl /etc/sipxpbx/ssl/authorities /var/sipxdata/certdb 3. run gen-ssl-keys.sh and install-cert.sh for the master system. 4. start sipXecs services 5. try creating the tar file again _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
