Perhaps I could try regenerating all certificates? I'm not sure how to do this in a cluster environment. Could someone point me in the right direction? I know in a single node environment you can use this: http://sipx-wiki.calivia.com/index.php/SSL_Certificates but I haven't been able to find any instructions for doing that in a cluster.
Josh Patten
Assistant Network Administrator
Brazos County IT Dept.
(979) 361-4676

On 5/3/2010 11:37 AM, Josh Patten wrote:
> What I did to build this test system was:
>
> Install sipX 4.0.4 from ISO
> backup the primary production server via sipXconfig
> backup the secondary production server from command line (sipx-backup)
>
> restore both the primary and secondary servers via command line in the
> test environment.
>
> After I do this, Firefox cannot connect because of an SSL issue. To get
> around this I load up sipXconfig on IE and send profiles to the server.
>
> I then perform the 4.2 upgrade.
>
> After the 4.2 upgrade everything ran fine for a few hours then that
> certificate error popped up.
>
> stunnel on both servers is 4.28-1
>
> config is identical on both servers:
>
> service = sipxcallresolver-agent
> pid = /var/run/sipxpbx/sipxcallresolver-agent.pid
> verify = 2
> debug = 5
> output = /var/log/sipxpbx/sipxcallresolver-agent.log
> CApath = /etc/sipxpbx/ssl/authorities
> cert = /etc/sipxpbx/ssl/ssl.crt
> key = /etc/sipxpbx/ssl/ssl.key
> client = no
> foreground = yes
>
> [postgresql]
> accept = 9300
> connect = 5432
>
>
> Josh Patten
> Assistant Network Administrator
> Brazos County IT Dept.
> (979) 361-4676
>
>
> On 5/3/2010 10:40 AM, DANS, RAYMOND (RAYMOND) wrote:
>
>>> On 4/30/2010 1:50 PM, Josh Patten wrote:
>>>
>>>> Today on my test 4.2 environment I received an alarm email that the
>>>> CallResolver-Agent stopped unexpectedly on the secondary HA server and
>>>> could not start. Here was the error:
>>>>
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: RAND_status claims sufficient entropy for the PRNG
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: PRNG seeded successfully
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: Certificate: /etc/sipxpbx/ssl/ssl.crt
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: Certificate loaded
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: Key file: /etc/sipxpbx/ssl/ssl.key
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: Private key loaded
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: Verify directory set to /etc/sipxpbx/ssl/authorities
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: Added /etc/sipxpbx/ssl/authorities revocation lookup directory
>>>> 2010.04.30 13:43:04 LOG7[5134:3086362320]: SSL context initialized for service postgresql
>>>> 2010.04.30 13:43:04 LOG3[5134:3086362320]: FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
>>>>
>>>> Any recommendation on how I should tackle this problem? It looks like
>>>> I have a certificate issue but I'm not sure.
>>>>
>>
>> Josh, can you tell me what version of stunnel you're using (rpm -qa | grep
>> stunnel) and also show me your stunnel configuration file (usually it's
>> /etc/sipxpbx/sipxcallresolver-agent-config). I've never seen this issue
>> before nor can I find any information on it.
>>
>> The current version of stunnel that we're using is 4.26-1.
>>
>> Thanks
>> Raymond
>>
> _______________________________________________
> sipx-users mailing list [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-users
> Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
> sipXecs IP PBX -- http://www.sipfoundry.org/
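
Added example, not part of the thread or of sipXecs: a small parser for the stunnel debug log format quoted above, which lists the startup steps logged before the first error-level record and splits the OpenSSL error string into its fields. The sample lines are copied from the quoted log; the digit after `LOG` is read as the syslog severity (7 = debug, 3 = error), which is how stunnel labels its records.

```python
import re

# Log lines copied from the quoted alarm output in this thread.
SAMPLE_LOG = """\
2010.04.30 13:43:04 LOG7[5134:3086362320]: PRNG seeded successfully
2010.04.30 13:43:04 LOG7[5134:3086362320]: Certificate: /etc/sipxpbx/ssl/ssl.crt
2010.04.30 13:43:04 LOG7[5134:3086362320]: Certificate loaded
2010.04.30 13:43:04 LOG7[5134:3086362320]: Key file: /etc/sipxpbx/ssl/ssl.key
2010.04.30 13:43:04 LOG7[5134:3086362320]: Private key loaded
2010.04.30 13:43:04 LOG7[5134:3086362320]: SSL context initialized for service postgresql
2010.04.30 13:43:04 LOG3[5134:3086362320]: FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
"""

# stunnel record: "<date> <time> LOG<severity>[<pid>:<thread id>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>[0-7])\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
# OpenSSL error string: error:<hex code>:<library>:<function>:<reason>
OPENSSL_ERR_RE = re.compile(r"error:([0-9A-Fa-f]+):([^:]*):([^:]*):(.*)$")
ERR = 3  # syslog severity "err"; lower numbers are more severe


def triage(log_text):
    """Return (steps logged before the failure, first error-level record)."""
    steps, failure = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip wrapped or foreign lines
        level, msg = int(m["level"]), m["msg"]
        if level > ERR:
            steps.append(msg)  # informational/debug record: a completed step
            continue
        failure = {"ts": m["ts"], "pid": int(m["pid"]), "level": level, "msg": msg}
        e = OPENSSL_ERR_RE.search(msg)
        if e:
            failure.update(code=e[1], library=e[2], function=e[3], reason=e[4])
        break  # stop at the first error-level record
    return steps, failure


if __name__ == "__main__":
    steps, failure = triage(SAMPLE_LOG)
    print("logged before failure:", *steps, sep="\n  ")
    print("first error:", failure)
```

On the quoted log this reports the certificate and private key loading as logged steps and the `FIPS_mode_set` record as the first error.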
