I just did this yesterday in fact. I never could get the web gui working, except for the CA certs. That required exporting in base-64 format and then changing the file extension to crt from cer, otherwise they won't upload. I haven't gotten around to checking the tracker if an issue has been created or not yet.
At that point I had a heck of a time trying to get the certs updated. I did this: mkdir $HOME/sslkeys cd $HOME/sslkeys /usr/bin/ssl-cert/gen-ssl-keys.sh I used the csr to generate a cert in our AD CA. One thing I had to do was create a custom template. The regular Web Server cert was only for Server Authentication purposes. The cert is also used in a client fashion by TLS so you need to duplicate the Computer template and change the security so only Admins can create the cert. Also you need to change Subject Name tab to "Supply in Request" so you can obtain from the web interface. Copy the certs back to the sslkeys directory. Copy the crt and key files to //etc/sipxpbx/ssl. Rename them to ssl.crt and ssl.key. Copy them one more time and rename to ssl-web.crt and ssl-web.key. Delete the .keystore files. They no longer need to be generated by hand as SipX does it on startup if they are missing. Copy and CA and intermediate files to //etc/sipxpbx/ssl/authorities. /usr/bin/ssl-cert/ca_rehash Type "service sipxecs stop" Type "service sipxecs start" That got me a working server. That was mostly due to the information you provided previously (thank you) so I'm glad to give back. If you ever figure out how to upload via the gui, let me know. I tired with the key and cert that I manually generated and signed and it did not work even with the proper CA certs already uploaded... Geoff Van Brunt IT Manager DST Consulting Engineers _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
