I'm not sure exactly how to do that, so I guess I hadn't. How should I
do that? The ssl script seems to indicate it is doing that (see below).
On a side note, I just tried completely rerunning the sipx setup wizard.
That didn't help. Same result.
I realize my timing here is awful. I am desperate. We have training for
2 hours this afternoon, so I can't rebuild the system from scratch right
now. I really don't want to do that if I don't have to. We were going to
spend this evening staging all the handsets, but I obviously can't do
that if I'm going to have to rebuild the system. This is a nightmare. It
is 100% my fault. I was trying to squeeze in one more thing before we
went into production, and obviously that was a horrible idea.
______________________________________________________________________
Generating Java Key Store
Enter input keystore passphrase: Enter output keystore passphrase: Alias
0: nshpbx1.sipx.voip
Adding key for alias nshpbx1.sipx.voip
______________________________________________________________________
Generating Java Trust Store
Certificate was added to keystore
On 1/20/2010 12:27 PM, Raymond Dans wrote:
>> Subject: Re: [sipx-users] SSL Cert help
>>
>> I will be glad to listen to a whole bunch of "I told so", but
>> I would greatly appreciate a little help first.
>> I made a system backup, and backed up the SSL directories
>> before trying any of this. I wanted to give an external SSL
>> cert one more shot. It didn't work, so I went to revert back
>> to a self signed cert. I follwed the same things I had done
>> before. I ran /usr/bin/ssl-cert/gen-ssl-keys.sh and then
>> /usr/bin/ssl-cert/install-cert.sh Most everything is ok, but I
>> can't change the PIN from a phone. I restored from backup
>> taken prior to any of this, and it didn't help. I get the
>> errors below in mediaserver_cgi.log I have tried regenerating
>> the certs a few times, and everything seems to go ok. Can
>> someone help me get past this issue? I would greatly
>> appreciate it and wil not tinker with ssl certs again until 4.2 :)
>>
>>
>> "2010-01-20T16:53:40.411617Z":1:KERNEL:ERR:nshpbx1.sipx.voip:pi
>> d-8800:23D69C30:mediaservercgi:"OsSSL::verifyCallback
>> invalid certificate at depth 0\n error='unable to get
>> local issuer
>> certificate'\n
>> issuer='/C=US/ST=AnyState/L=AnyTown/O=sipx.voip/OU=sipXecs/CN=c
>> a.nshpbx1.sipx.voip/[email protected]'\n
>> subject='/C=US/ST=AnyState/L=AnyTown/O=sipx.voip/OU=sipXecs/CN=
>> nshpbx1.sipx.voip/[email protected]'"
>> "2010-01-20T16:53:40.411754Z":2:KERNEL:ERR:nshpbx1.sipx.voip:pi
>> d-8800:23D69C30:mediaservercgi:"OsSSLConnectionSocket
>> SSL_connect failed: :\n SSL error: 1
>> 'error:00000001:lib(0):func(0):reason(1)'"
>> "2010-01-20T16:53:40.411797Z":3:HTTP:ERR:nshpbx1.sipx.voip:pid-
>> 8800:23D69C30:mediaservercgi:"HttpMessage::get[4]
>> socket to 10.87.20.5:8101 not connected, retry 1 after 20ms"
>> "2010-01-20T16:53:40.433197Z":4:KERNEL:ERR:nshpbx1.sipx.voip:pi
>> d-8800:23D69C30:mediaservercgi:"OsSSL::verifyCallback
>> invalid certificate at depth 0\n error='unable to get
>> local issuer
>> certificate'\n
>> issuer='/C=US/ST=AnyState/L=AnyTown/O=sipx.voip/OU=sipXecs/CN=c
>> a.nshpbx1.sipx.voip/[email protected]'\n
>> subject='/C=US/ST=AnyState/L=AnyTown/O=sipx.voip/OU=sipXecs/CN=
>> nshpbx1.sipx.voip/[email protected]'"
>> "2010-01-20T16:53:40.433261Z":5:KERNEL:ERR:nshpbx1.sipx.voip:pi
>> d-8800:23D69C30:mediaservercgi:"OsSSLConnectionSocket
>> SSL_connect failed: :\n SSL error: 1
>> 'error:00000001:lib(0):func(0):reason(1)'"
>> "2010-01-20T16:53:40.433289Z":6:HTTP:ERR:nshpbx1.sipx.voip:pid-
>> 8800:23D69C30:mediaservercgi:"HttpMessage::get[4]
>> socket to 10.87.20.5:8101 not connected, retry 2 after 40ms"
>> "2010-01-20T16:53:40.473894Z":7:HTTP:ERR:nshpbx1.sipx.voip:pid-
>> 8800:23D69C30:mediaservercgi:"HttpMessage::get[4]
>> socket connection to 10.87.20.5:8101 failed, give up..."
>>
>>
>> On 1/20/2010 7:38 AM, Scott Lawrence wrote:
>>
>>> On Wed, 2010-01-20 at 12:21 +0000, [email protected] wrote:
>>>
>>>
>>>> Scott - if there are issues, should they show up
>>>>
>> immediately? If you
>>
>>>> have to back out, is it still just as easy as regenerating the self
>>>> signed cert?
>>>>
>>>>
>>> Yes, they should show up as soon as you restart.
>>>
>>> If you think regenerating the self signed cert is easy, then yes -
>>> it's just that easy.
>>>
>
> Not sure if this will help but did you regenerate and install the Java
> Keystore/Truststore? If not you may want to try this first.
>
> Raymond
>
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
