On Tue, 2009-12-01 at 12:52 -0800, jnolen wrote:
> Scott,
>
> Replies in-line:
>
> > On Tue, 2009-12-01 at 11:57 -0800, jnolen wrote:
> > > Scott,
> > >
> > > Success. Started over and regenerated certificates.
> >
> > Great.
> >
> > > If I can indulge you with a few more questions. In the past,
> > > certificates were generated as root. I had to change ownership of:
> > >
> > > authorities.jks
> > > ca.hyipt1.hyoung.voice.key
> > > ca.hyipt1.hyoung.voice.ser
> > >
> > > to sipxchange.
> >
> > You had to change those why? and when?
>
> When I ran /usr/libexec/sipXecs/initial-config <hostname> as user
> sipxchange, the installation failed with permission errors on those
> 3 files:
>
> Generating X.509 certificate signed by ca.hyipt1.hyoung.voice
> Signature ok
> subject=/C=ke/ST=Nairobi/L=Nairobi/O=hyoung/OU=VoIP Services/CN=hyipt2.hyoung.voice/[email protected]
> Getting CA Private Key
> Error opening CA Private Key ca.hyipt1.hyoung.voice.key
> 20324:error:0200100D:system library:fopen:Permission denied:bss_file.c:352:fopen('ca.hyipt1.hyoung.voice.key','r')
> 20324:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
> unable to load CA Private Key
> gen-ssl-keys.sh:Error: Failed to generate X.509 certificate
>
> >
> > > Should certs now be generated as user sipxchange?

Yes. The setup scripts ensure that everything in /var/sipxdata/certdb is owned and readable by user 'sipxchange', and the directory itself is owned and writeable by 'sipxchange'. Possibly something in the upgrade from 3.10 breaks that, but that's how it needs to be for the initial-config script to generate the configuration for a new distributed system.

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
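A check for the ownership rule stated in the reply above, added here as an example; it is not part of the original thread or of the sipXecs setup scripts. The function name, the finding labels and the world-readable key warning are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a certificate directory against the rule in the reply:
# every entry owned and readable by the service user, and the directory itself
# owned and writable by that user.
# Usage (paths from the thread): sh audit_certdb.sh /var/sipxdata/certdb sipxchange

# audit_certdb DIR USER
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if DIR is missing.
audit_certdb() {
    dir=$1
    user=$2
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    findings=$(
        # The directory itself: owner must be USER and the owner-write bit set.
        find "$dir" -prune \( ! -user "$user" -o ! -perm -200 \) \
            -exec echo "DIR_NOT_OWNED_OR_WRITABLE" {} \;
        # Everything inside: owner must be USER and the owner-read bit set.
        find "$dir" -mindepth 1 \( ! -user "$user" -o ! -perm -400 \) \
            -exec echo "NOT_OWNED_OR_UNREADABLE" {} \;
        # Assumption of this example, not stated in the thread: a private key
        # (*.key) readable by "other" is worth a warning.
        find "$dir" -type f -name '*.key' -perm -004 \
            -exec echo "WARN_KEY_WORLD_READABLE" {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    audit_certdb "$1" "$2"
fi
```

Run it as root or as the service user before re-running initial-config; a file listed as NOT_OWNED_OR_UNREADABLE is one that would produce the "Permission denied" error quoted in the thread.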
