On Tue, 2009-12-01 at 11:57 -0800, jnolen wrote: > Scott, > > Success. Started over and regenerated certificates.
Great. > If I can indulge you with a few more questions. In the past, > certificates were generated as root. I had to change ownership of: > > authorities.jks > ca.hyipt1.hyoung.voice.key > ca.hyipt1.hyoung.voice.ser > > to sipxchange. You had to change those why? and when? > Should certs now be generated as user sipxchange? The certificate authority and the certificate for the master system are generated as root in the setup script (sipxecs-setup or sipxecs-setup-system, depending on whether you installed from rpms or the iso respectively). > Must the caName be the fqdn of the master and NOT the domain name? The caName can be anything you want if you run the gen-ssl-keys.sh directly - its name is essentially arbitrary (although, since it is used as part of a file name, there are some values that wouldn't work - don't get cute). The setup scripts use 'ca.' + the fully qualified hostname of the master more or less arbitrarily (it's unlikely to collide with values generated elsewhere). _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
