Re: [sipx-users] SSL Cert help

Wed, 20 Jan 2010 11:31:12 -0800 

>Subject: Re: [sipx-users] SSL Cert help
>
>Everything looks ok to me, I think. The only possibly odd 
>thing I see is the 'trustedCertEntry' part in the keystore. I 
>did a disaster recover test of this machine a few weeks ago 
>and I looked at the machine I recovered it to then, and it has 
>the full name of the root cert at the beginning of that line.
>
>[r...@nshpbx1 ssl]# ll
>total 48
>drwx------ 2 sipxchange root 4096 Jan 20 12:39 authorities
>-rw------- 1 sipxchange root  971 Jan 20 12:38 authorities.jks
>drwxr-xr-x 3 root       root 4096 Jan 20 11:54 bad
>drwxr-xr-x 4 root       root 4096 Jan 20 11:25 bad5
>-rw------- 1 sipxchange root 2126 Jan 20 12:38 ssl.crt
>-rw------- 1 sipxchange root  887 Jan 20 12:38 ssl.key
>-rw------- 1 sipxchange root 1694 Jan 20 12:38 ssl.keystore
>-rw------- 1 sipxchange root 2126 Jan 20 12:38 ssl.p12
>-rw------- 1 sipxchange root 2126 Jan 20 12:38 ssl-web.crt
>-rw------- 1 sipxchange root  887 Jan 20 12:38 ssl-web.key
>-rw------- 1 sipxchange root 1694 Jan 20 12:38 ssl-web.keystore
>-rw------- 1 sipxchange root 2126 Jan 20 12:38 ssl-web.p12
>
>[r...@nshpbx1 authorities]# ll
>total 4
>lrwxrwxrwx 1 root       root   34 Jan 20 12:39 cbc21f34.0 -> DSI VoIP 
>Certificate Authority.crt
>-rw-r--r-- 1 sipxchange root 2292 Jan 20 12:38 DSI VoIP 
>Certificate Authority.crt
>
>
>[r...@nshpbx1 ssl]# keytool -list -keystore ssl.keystore 
>-storepass changeit
>
>Keystore type: JKS
>Keystore provider: SUN
>
>Your keystore contains 1 entry
>
>nshpbx1.sipx.voip, Jan 20, 2010, PrivateKeyEntry,
>Certificate fingerprint (MD5): 
>1C:7A:98:F7:7E:8A:20:0E:48:EF:EB:13:76:99:7C:09
>
>[r...@nshpbx1 ssl]# keytool -list -keystore authorities.jks -storepass 
>changeit
>
>Keystore type: JKS
>Keystore provider: SUN
>
>Your keystore contains 1 entry
>
>, Jan 20, 2010, trustedCertEntry,
>Certificate fingerprint (MD5): 
>1C:7A:98:F7:7E:8A:20:0E:48:EF:EB:13:76:99:7C:09
>
>
I believe it looks okay.  The beginning of that line is for the alias
name and you don't have one.  I'm not familiar enough with this to know
whether have no alias is okay. 

Try issuing the keytool commands again and add '-v' after the '-list'.
This will give more information.
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/

Reply via email to