Re: [sipx-users] SipX with Domain Wilcard certificate

Tue, 20 Apr 2010 19:48:18 -0700

Wildcard certificates are known to work in sipX 4.2. Won't work on any version prior to 4.2

Graeme Allen wrote: 
Hi All,

Some further information:

I got SipX to start, by changing /etc/init.d/sipxpbx

        ## check certificate
        /usr/bin/ssl-cert/check-cert.sh \
            --name ${SIPXCHANGE_DOMAIN_NAME} --name ${MY_FULL_HOSTNAME} \
            --fail 5 /etc/sipxpbx/ssl/ssl.crt
        ssl_status=$?

to....

        ## check certificate
        /usr/bin/ssl-cert/check-cert.sh \
            --name ${SIPXCHANGE_DOMAIN_NAME} --name ${MY_FULL_HOSTNAME} --name *.mydomain.net.au \
            --fail 5 /etc/sipxpbx/ssl/ssl.crt
        ssl_status=$?

Ugly yes, but the system is mostly working again.

When I log into the GUI, it says:

	One of the background jobs failed. For details click: here

Which leads to:

Data
replication:
credential
4/21/10 11:14
AM
4/21/10 11:15
AM
Failed

Data
replication:
permission
4/21/10 11:15
AM
4/21/10 11:15
AM
Failed

Data
replication:
alias
4/21/10 11:15
AM
4/21/10 11:15
AM
Failed

Data
replication:
caller-alias
4/21/10 11:15
AM
4/21/10 11:15
AM
Failed

File
replication:
resource-lists.xml
4/21/10 11:15
AM
4/21/10 11:15
AM
Failed

File
replication:
orbits.xml
4/21/10 11:15
AM
4/21/10 11:15
AM
Failed

Data
replication:
extension
4/21/10 11:15
AM
4/21/10 11:15
AM
Failed

When I go to the Services page, I get:

	sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

So, while the hack got the basics going, it seems the java components of
sipx are failing as java doesn't like the domain wildcard.

Am I wasting my time pursuing this, and should go I go back to a self
signed certificate, or it there a way forward?

Thanks,
-  
Graeme Allen



On Wed, 2010-04-21 at 11:05 +1000, Graeme Allen wrote:
  
Hi All,

I had a working Sipx installation (3.10.2-013143 2008-07-23T18:09:14
ecs-centos5) with self certification.

I obtained a domain wildcard certificate from Go Daddy, and tried
installing it as per http://sipxecs.sipfoundry.org/doc/INSTALL.ssl.html
however have run into trouble.

When I start SipX it says:

Checking TLS/SSL configuration:                            [FAILED]
sipXpbx:
sipXpbx: sipXpbx configuration problems found:
sipXpbx:
sipXpbx: Check TLS/SSL configuration
sipXpbx:    SSL certificate name '*.mydomain.net.au' is not one of:
'sip.mydomain.net.au'
sipXpbx: SSL certificate: /etc/sipxpbx/ssl/ssl.crt

What it is saying is correct, but I should be able to use a domain
wilcard certificate.

Is there a way to tell SipX to allow the *.mydomain.net.au certificate?

Thanks,
-  
Graeme

    

_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
  

_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/

Reply via email to