Thanks. I definitely ran into some of the issues you did. I think I tried so many things the first time around, I wasn't sure what all worked and what didn't. I cleared everything out and started from scratch a few days ago, and got it to work.
On 10/7/2010 8:34 AM, Geoff Van Brunt wrote: > I just did this yesterday in fact. I never could get the web gui > working, except for the CA certs. That required exporting in base-64 > format and then changing the file extension to crt from cer, otherwise > they won't upload. I haven't gotten around to checking the tracker if an > issue has been created or not yet. > > At that point I had a heck of a time trying to get the certs updated. I > did this: > > mkdir $HOME/sslkeys > cd $HOME/sslkeys > /usr/bin/ssl-cert/gen-ssl-keys.sh > > I used the csr to generate a cert in our AD CA. One thing I had to do > was create a custom template. The regular Web Server cert was only for > Server Authentication purposes. The cert is also used in a client > fashion by TLS so you need to duplicate the Computer template and change > the security so only Admins can create the cert. Also you need to change > Subject Name tab to "Supply in Request" so you can obtain from the web > interface. > > Copy the certs back to the sslkeys directory. Copy the crt and key files > to //etc/sipxpbx/ssl. Rename them to ssl.crt and ssl.key. Copy them one > more time and rename to ssl-web.crt and ssl-web.key. > Delete the .keystore files. They no longer need to be generated by hand > as SipX does it on startup if they are missing. > > Copy and CA and intermediate files to //etc/sipxpbx/ssl/authorities. > /usr/bin/ssl-cert/ca_rehash > > Type "service sipxecs stop" > Type "service sipxecs start" > > That got me a working server. > > That was mostly due to the information you provided previously (thank > you) so I'm glad to give back. If you ever figure out how to upload via > the gui, let me know. I tired with the key and cert that I manually > generated and signed and it did not work even with the proper CA certs > already uploaded... > > Geoff Van Brunt > IT Manager > DST Consulting Engineers > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
