Hi, I think I have a possible solution.
I was reading through some of the files and posts and there was an important statement, not sure on the relevance, but here goes. Following Jeff's instructions create a GoDaddy certificate in /root/sslcert (or where ever) and run all the commands up to the last one but don't install it. The important part I read was that the Web Certs aren't checked against the installed CA installed in the authorities directory, so in the /etc/sipxpbx/ssl directory rename the three *-web.* files and replace with the relevant GoDaddy cert files naming them to ssl-web.* (where * is crt or keystore or key) . I did this, restarted SipXecs services and everything I have tested works, along with having a SSL browser that validates the CA etc no problem. I then rebooted and everything still works as expected. I expect this will work with any SSL cert where a relevant CA is available like an MS CA or in my case an external CA. Now I haven't tested absolutely everything so those out there that want to test please post findings. Perhaps this is what the Web Certificates page is for, but it doesn't work. Cheers Grant From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Gilmore Sent: Tuesday, 19 January 2010 7:55 a.m. To: [email protected] Subject: Re: [sipx-users] SSL Cert help Thanks all for insights. I'm not sure what went wrong, but have successfully backed out of it by simply running /usr/bin/ssl-cert/gen-ssl-keys.sh then /usr/bin/ssl-cert/install-cert.sh. My copy of /usr/bin/ssl-cert/gen-ssl-keys.sh still has the 2048 byte key change, and it seemed to work OK. I'll live with the browser warnings for now... Jeff
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
