On Jan 16, 2010, at 5:38 PM, Tony Graziano wrote:
What does
sipxproc -state
Tell you?
/usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify
failed (OpenSSL::SSL::SSLError)
from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
from /usr/bin/sipxproc:267
I redid the whole procedure from scratch, with a slightly different
procedure using info gleaned from the text shown with /usr/bin/ssl-
cert/gen-ssl-keys.sh (In all instructions below, replace
"myhost.mydomain" with the fully qualified domain name of your own
server):
1. First I made a new empty dir, and CDed to it.
2, I copied /usr/bin/ssl-cert/gen-ssl-keys.sh to this dir.
3. I edited gen-ssl-keys.sh and changed the line "ServerKeyBits=1024"
to "ServerKeyBits=2048"
4. I ran ./gen-ssl-keys.sh --csr and answered the prompts with
country, state, etc.
5. I cat'ed resulting myhost.mydomain.csr file, and copied the text to
paste it into the GoDaddy CSR request on their website.
6. GoDaddy liked that fine, and I was then able to download a
certificate. I chose "Apache" as the format, and it returned both a
myserver.mydomain.crt and a gd_bundle.crt file in a zip file. I
copied both of these to my directory on the sipx server.
7. One of the problems I saw earlier was an error regarding the Java
keystore when doing the next step that actually installs the keys. To
avoid this, I ran gen-ssl-keys.sh again with the --convert-crt2jks
option:
gen-ssl-keys.sh --convert-crt2jks myhost.mydomain
8. I then ran /usr/bin/ssl-cert/install-cert.sh myhost.mydomain.key.
It seemed to operate without error.
9. I restarted sipx with server sipxecs restart
10. I tested in some web browsers. I only have tested on Macs so
far; Firefox seems to accept the certificate, Safari complains that
the certificate was signed by an unknown authority. I read on the web
that other Safari users have had this problem on Safari.
So things seem to work for me, but I still need to do more testing on
Windows and Linux. I'd like to fix Safari too, if I can figure it
out, as GoDaddy claims it should work.
I'm not sure what the command above that Tony had me run actually
means--it seems to indicate a problem.
Jeff
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
