I gave up and did it the same command line way I have done it in the past. http://www.mail-archive.com/[email protected]/msg16568.html I didn't have to do the part about the CA cert. That had already worked through the GUI, so I guess I was all set there. I also didn't have to do the 'myhost.mydomain.keystore' part. That file wasn't created by the script when I ran it, and Sipx seems to be creating one on its own in /etc/sipxpbx/ssl/ I don't know why the GUI couldn't process the Microsoft cert. The command line method doesn't seem to have any trouble.
-Matthew On 8/31/2010 5:28 PM, Matthew Kitchin (Public) wrote: > Yes. I just got the root cert installed. That was my first challenge. I guess > if I could get some debug output or at least a logfile maybe I would have a > clue what the issue was. > -----Original Message----- > From: Tony Graziano<[email protected]> > Date: Tue, 31 Aug 2010 18:14:10 > To:<[email protected]>;<[email protected]> > Subject: Re: [sipx-users] Any luck importing certificate authority in 4.2.1? > > I seem to recall it might have something to do with a missing root > certificate? > > If this is a self (internal CA), did you install the root certificate so it > could verify the chain of authority? > > I ask because you can't import google contacts until you grab the root > authority for verisign where googles cert is... Does this make sense? > > ============================ > Tony Graziano, Manager > Telephone: 434.984.8430 > Fax: 434.984.8431 > > Email: [email protected] > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > ----- Original Message ----- > From: [email protected] > <[email protected]> > To: [email protected]<[email protected]> > Sent: Tue Aug 31 18:06:12 2010 > Subject: Re: [sipx-users] Any luck importing certificate authority in 4.2.1? > > I'm stuck on 'Unable to validate certificate' whenever I try and put > in the actual cert for the server. Does anyone know exactly what format > it is looking for? Nothing is updating in the logfiles indicating an issue. > > On 8/31/2010 4:54 PM, Matthew Kitchin (public/usenet) wrote: >> I think I am making progress. I decided to go check the development >> list archive, and one of the most recent posts was this: >> http://list.sipfoundry.org/archive/sipx-dev/msg24143.html >> I renamed my cer file to a crt file, and I have the CA cert imported >> now. Progress :) >> >> On 8/31/2010 10:56 AM, Matthew Kitchin (public/usenet) wrote: >>> I'm trying to install a cert from a internal CA. I have done it with >>> a tedious command line based way in the past, because the GUI >>> wouldn't allow what needed to be done. I read there were significant >>> improvements in 4.2.x in this area. >>> I generated the request and have the response file from my CA. It >>> appears to die because it can't verify the cert. Makes sense, so I >>> try to install the CA certificate. I tried all 3 formats I could get >>> it in: DER, Base-64, and PKCS. Base-64 is the one that at least >>> imports and displays on the screen, so that seems to be what I need >>> here. That is as far as I can make it though. The cert details are >>> displayed on the screen, and I click the 'Keep' button. I get the >>> note saying a background job failed, and I see this when I click on it: >>> File replication: nshpwis06-64.cer 8/31/10 10:50 AM 8/31/10 10:50 AM >>> Failed >>> >>> sipxconfig.log seems to have the relevant log entries (below). >>> >>> I see several other posts >>> http://list.sipfoundry.org/archive/sipx-dev/msg12579.html >>> related to "not declared as a resource by any sipXecs process" >>> Any ideas? >>> >>> Thanks, >>> Matthew >>> >>> >>> "2010-08-31T15:50:50.119000Z":3:JAVA:INFO:local:P1-19:00000000:SipxReplicationContextImpl:"Start >>> replication: File replication: nshpwis06-64.cer" >>> "2010-08-31T15:50:50.201000Z":4:JAVA:INFO:local:P1-19:00000000:XmlRpcClientInterceptor:"XML/RPC >>> File.replace with [pbx.tn203.sipx.voip, /etc/sipxpbx/ssl/autho..., >>> 420, LS0tLS1CRUdJTiBDRVJUSU...] on >>> https://pbx.tn203.sipx.voip:8092/RPC2"; >>> "2010-08-31T15:50:50.452000Z":5:JAVA:ERR:local:pool-3-thread-1:00000000:XmlRpcClientInterceptor:"XML/RPC >>> error: " >>> org.apache.xmlrpc.XmlRpcException: File >>> '/etc/sipxpbx/ssl/authorities/nshpwis06-64.cer' not declared as a >>> resource by any sipXecs process >>> at >>> org.apache.xmlrpc.XmlRpcClientResponseProcessor.decodeException(XmlRpcClientResponseProcessor.java:102) >>> at >>> org.apache.xmlrpc.XmlRpcClientResponseProcessor.decodeResponse(XmlRpcClientResponseProcessor.java:69) >>> at >>> org.apache.xmlrpc.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:72) >>> at org.apache.xmlrpc.XmlRpcClient.execute(XmlRpcClient.java:193) >>> at org.apache.xmlrpc.XmlRpcClient.execute(XmlRpcClient.java:184) >>> at >>> org.sipfoundry.sipxconfig.xmlrpc.XmlRpcClientInterceptor$1.call(Unknown >>> Source) >>> at >>> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) >>> at java.util.concurrent.FutureTask.run(FutureTask.java:138) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >>> at java.lang.Thread.run(Thread.java:619) >>> "2010-08-31T15:50:50.456000Z":6:JAVA:ERR:local:P1-19:00000000:XmlRpcClientInterceptor:"Runtime >>> error in XML/RPC call" >>> org.sipfoundry.sipxconfig.xmlrpc.XmlRpcRemoteException: File >>> '/etc/sipxpbx/ssl/authorities/nshpwis06-64.cer' not declared as a >>> resource by any sipXecs process >>> at >>> org.sipfoundry.sipxconfig.xmlrpc.XmlRpcClientInterceptor$1.call(Unknown >>> Source) >>> at >>> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) >>> at java.util.concurrent.FutureTask.run(FutureTask.java:138) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >>> at java.lang.Thread.run(Thread.java:619) >>> "2010-08-31T15:50:50.465000Z":7:JAVA:ERR:local:P1-19:00000000:ReplicationManagerImpl:"File >>> replication failed: nshpwis06-64.cer" >>> org.sipfoundry.sipxconfig.xmlrpc.XmlRpcRemoteException: File >>> '/etc/sipxpbx/ssl/authorities/nshpwis06-64.cer' not declared as a >>> resource by any sipXecs process >>> at >>> org.sipfoundry.sipxconfig.xmlrpc.XmlRpcClientInterceptor$1.call(Unknown >>> Source) >>> at >>> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) >>> at java.util.concurrent.FutureTask.run(FutureTask.java:138) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >>> at java.lang.Thread.run(Thread.java:619) >>> "2010-08-31T15:50:50.466000Z":8:JAVA:WARNING:local:P1-19:00000000:SipxReplicationContextImpl:"Replication >>> failed: File replication: nshpwis06-64.cer" >>> > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
