NOT WORKING! Grant has sent me a private email pointing out a problem that I too am experiencing after my supposedly successful installation of the SSL Cert from GoDaddy.
If you go to System/Servers and look at the list of sipx processes, they all appear as Status: Undefined. I think that some of the processes are either not starting or unable to communicate with the config server (I restarted the whole server to be sure, but that made no difference). In digging through the logs, I see in sipstatus.log lots of the following messages: "2010-0118T11:38:51.778924Z":121:HTTP:ERR:choicevoip.ev.ithaca.ny.us:SubscribeServerThread:B6CB7B90: SipStatus:"HttpMessage::get[4] Receiving failed on persistent connection on try 0" and at least one of: "2010-01-18T15:07:11.570443Z":130:KERNEL:ERR:choicevoip.ev.ithaca.ny.us:HttpServer-2:FFFFFFFF:SipStatus:"OsSSLServerSocket: accept call failed with error: 22=16" and in sipxsupervisor.log, many errors like this: "2010-01-18T15:35:30.884565Z":484:SUPERVISOR:ERR:choicevoip.ev.ithaca.ny.us:SipxProcess-15:B6BF9B90:Supervisor:"SipxProcess[ConfigServer]::commandOutput 'Avoiding obscuring previous error by supressing error encountered while ending request: org.apache.xmlrpc.XmlRpcClientException: Exception closing URLConnection'" "2010-01-18T15:35:31.183291Z":485:KERNEL:INFO:choicevoip.ev.ithaca.ny.us:HttpServer-3:B7C43B90:Supervisor:"OsConnectionSocket::_[2] ((null), 8)" "2010-01-18T15:35:31.187176Z":486:KERNEL:ERR:choicevoip.ev.ithaca.ny.us:HttpServer-3:B7C43B90:Supervisor:"OsSSLServerSocket SSL_accept - incompatible client?:\n SSL error: 1 'error:00000001:lib(0):func(0):reason(1)'" Any suggestions of where to go from here? My thought is to try what Tony said worked for him (doing it all through the web GUI) with one modification--first changing the underlying /usr/bin/ssl-cert/gen-ssl-keys.sh script (which I assume gets called by the web GUI) so that it will generate a 2048 byte key, since GoDaddy and other CAs are now requiring longer keys. If that doesn't work, I'm ready to give up on a real certificate, and would just go back to self-signing. Any insights, advice or warnings will be greatly appreciated... Jeff On Jan 17, 2010, at 1:28 AM, Grant Lang wrote:
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
