Scott, Success. Started over and regenerated certificates.
If I can indulge you with a few more questions. In the past, certificates were generated as root. I had to change ownership of: authorities.jks ca.hyipt1.hyoung.voice.key ca.hyipt1.hyoung.voice.ser to sipxchange. Should certs now be generated as user sipxchange? Must the caName be the fqdn of the master and NOT the domain name? Thanks for all the help, jim p.s. I did mention re-installing certificates :-) I have performed the following (numerous times): restarted services. rebooted systems. sent profiles. reinstalled certificates on the master. ran 'first-run' script. ran sipxecs-setup-system (secondary). ran sipxecs-setup (secondary). ran sipxecs-upgrade (secondary). verified DNS and bi-directional reachability. re-installed secondary system and repeated above. etc., etc ... > On Tue, 2009-12-01 at 08:22 -0800, jnolen wrote: > > Scott, > > > > Well, progress of sorts -- the certificate generation is failing -- see > > below: > > > > Need guidance on how to fix this. I did regenerate the master > > certificate after I first encountered this problem. > > Ah... you never said that... > > > Generating X.509 certificate signing request for > > 'hyipt2.hyoung.voice' > > ______________________________________________________________________ > > > > Generating X.509 certificate signed by ca.hyipt1.hyoung.voice > > Signature ok > > subject=/C=KE/ST=NBI/L=NAIROBI/O=H Young & Co (E.A) Ltd/OU=VoIP > > Services/CN=hyipt2.hyoung.voice/[email protected] > > Getting CA Private Key > > CA certificate and CA private key do not match > > 11380:error:0B080074:x509 certificate > > routines:X509_check_private_key:key values mismatch:x509_cmp.c:392: > > gen-ssl-keys.sh:Error: Failed to generate X.509 certificate > > Ok... so let's see if this can be recovered short of reconstructing your > master certs from the beginning... > > First, delete > /etc/sipxpbx/ssl/authorities/ca.hyipttest.* > > Check the file > /etc/sipxpbx/ssl/authorities/SSL_DEFAULTS > > for the 'caName' line; make sure that it is: > > caName="ca.hyipt1.hyoung.voice" > > and retry creating the tar file as before. > > If that doesn't work, then I think the only solution is to start from > scratch on your certificates: > > 1. stop all sipXecs services > 2. delete all files in > /etc/sipxpbx/ssl > /etc/sipxpbx/ssl/authorities > /var/sipxdata/certdb > 3. run gen-ssl-keys.sh and install-cert.sh for the master system. > 4. start sipXecs services > 5. try creating the tar file again > > _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
