I have to do mine by hand, because the GUI won't work with Microsoft Active Directory Certificate Authority certs. As I was learning, I messed them up a lot and redid them several times. On one of my 4.2.1 -> 4.4 upgrades, something didn't go right apparently. You couldn't change a VM PIN from a handset. I now redo them right after a 4.4 upgrade as a precaution. My steps are below. A few of them are specific to my environment obviously.

mkdir $HOME/sslkeys
cd $HOME/sslkeys
/usr/bin/ssl-cert/gen-ssl-keys.sh --csr

Country Name (2 letter code) [] : US
State or Province Name (full name) [] : Tennessee
Locality Name (eg, city) [] : Nashville
Organization Name (eg, company) [] : DSI
Organization Unit Name (eg, section) [VoIP Services] :

http://nshpwis7/certsrv/
cat pbx.tx207.sipx.voip.csr
Submit, and download as DER

openssl x509 -in pbx.tx207.sipx.voip.cer -inform DER -out pbx.tx207.sipx.voip.crt -outform PEM

mkdir /etc/sipxpbx/ssl/old
cp -r /etc/sipxpbx/ssl/* /etc/sipxpbx/ssl/old/


cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl-web.crt

cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl-web.key

cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl.crt

cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl.key

rm /etc/sipxpbx/ssl/ssl.keystore

rm /etc/sipxpbx/ssl/ssl-web.keystore


cp nshpwis7.dsi-corp.netCA.crt  /etc/sipxpbx/ssl/authorities

/usr/bin/ssl-cert/ca_rehash
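
A pre-install check for the procedure above, as an added example that is not part of the original post or of sipXecs: it confirms the converted certificate is PEM, matches the private key, and verifies against the CA file before anything is copied into /etc/sipxpbx/ssl. The function names and the throwaway fixture (CN pbx.example.test) are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (hypothetical helper names): checks to run in $HOME/sslkeys
# before copying a CA-issued cert and key into /etc/sipxpbx/ssl.

# 0 if FILE is a PEM certificate (the DER download must be converted first).
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# 0 if the certificate's public key equals the private key's public half.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# 0 if CERT verifies against the CA file that will go into ssl/authorities.
cert_chains_to() {  # usage: cert_chains_to CAFILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample input: a throwaway CA plus a server key/cert in DIR.
make_constructed_fixture() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=pbx.example.test" \
        -keyout "$d/pbx.key" -out "$d/pbx.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/pbx.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/pbx.crt" 2>/dev/null &&
    openssl x509 -in "$d/pbx.crt" -outform DER -out "$d/pbx.cer" &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# Run all three checks; report the first failure with a distinct exit code.
preflight() {  # usage: preflight CERT KEY CAFILE
    is_pem_cert "$1" || { echo "not a PEM certificate: $1"; return 1; }
    cert_matches_key "$1" "$2" || { echo "key does not match certificate"; return 2; }
    cert_chains_to "$3" "$1" || { echo "certificate does not verify against $3"; return 3; }
    echo "ok"
}
```

With the file names used in the post, the call would be `preflight pbx.tx207.sipx.voip.crt pbx.tx207.sipx.voip.key nshpwis7.dsi-corp.netCA.crt`.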


On 5/14/2011 4:40 PM, Josh M. Patten wrote:

I don't care, so long as it works.

BTW I have verified this is an SSL problem because I cut resource-lists.xml down to just one list and now sipxrls.log is filled with those SSL errors. Have you had to redo your SSL stuff before?

Josh Patten

Brazos County Network Engineer

979.361.4676

*From:*[email protected] [mailto:[email protected]] *On Behalf Of *Matthew Kitchin (public/usenet)
*Sent:* Saturday, May 14, 2011 4:38 PM
*To:* [email protected]
*Subject:* Re: [sipx-users] 4.4 sipXrls dead

On 5/14/2011 4:13 PM, Josh M. Patten wrote:

Also seeing:

"2011-05-14T21:09:03.135356Z":7:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 1 'error:00000001:lib(0):func(0):reason(1)'"

"2011-05-14T21:09:03.135398Z":8:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 336027900 'error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'"

Anyone here savvy on recreating SSL certs?

Do you want new ones, or try and fix/recover the old ones?

Josh Patten

Brazos County Network Engineer

979.361.4676

*From:*[email protected] [mailto:[email protected]] *On Behalf Of *Josh M. Patten
*Sent:* Saturday, May 14, 2011 4:05 PM
*To:* Discussion list for users of sipXecs software
*Subject:* Re: [sipx-users] 4.4 sipXrls dead

Yeah full backup. I somehow don't think that will help, and I'll explain why: Whenever Hoa was writing the fix for http://track.sipfoundry.org/browse/XX-8474 the time values that were used to "space out" requests were shortened slightly but not drastically in order to help changes finish sooner. Well, I think Dale W shortened it down too much for the final code and now if you have a huge RLS list (like I do) it will fill up the buffers before it can finish processing them and crash.

Could someone with a little insight into the code look into this and let me know?

Josh Patten

Brazos County Network Engineer

979.361.4676

*From:*[email protected] [mailto:[email protected]] *On Behalf Of *Tony Graziano
*Sent:* Saturday, May 14, 2011 3:58 PM
*To:* Discussion list for users of sipXecs software
*Subject:* Re: [sipx-users] 4.4 sipXrls dead

I normally perform reboots between upgrades. I find it helps.

java "is" a four letter word you know...

You hopefully got a full backup first in the case?

On May 14, 2011 4:47 PM, "Josh M. Patten" <[email protected]> wrote:
> No, I'll do that. It appears that it maxes out and then core dumps, as I have a fresh core dump in /var/log/sipxpbx right after this message in sipxrls.log (this is the last message that's sent. After that it's radio silence.):
>
> "2011-05-14T20:43:20.797258Z":272:KERNEL:NOTICE:it.ippbx.co.brazos.tx.us:SipSubscribeClient-28:40D8A940:sipxrls:"OsMsgQShared::doSendCore message queue 'ResourceListTask-29' is over half full - count = 99, max = 100"
>
> Josh Patten
> Brazos County Network Engineer
> 979.361.4676
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Tony Graziano
> Sent: Saturday, May 14, 2011 3:45 PM
> To: Discussion list for users of sipXecs software
> Subject: Re: [sipx-users] 4.4 sipXrls dead
>
>
> have you tried an actual reboot?
> On May 14, 2011 4:33 PM, "Josh M. Patten" <[email protected]> wrote:
>> Hmm it seems that more is unwell. All my services are now showing as "undefined" on my main server (redundant proxies are OK). I'm not quite sure where to begin my troubleshooting quest on this one. Anyone care to point me in the right direction?
>>
>> Josh Patten
>> Brazos County Network Engineer
>> 979.361.4676
>>
>> From: [email protected] [mailto:[email protected]] On Behalf Of Josh M. Patten
>> Sent: Saturday, May 14, 2011 3:27 PM
>> To: [email protected]
>> Subject: [sipx-users] 4.4 sipXrls dead
>>
>> After upgrading sipX from 4.2.1 to 4.4 this afternoon sipXrls will not respond to any requests and all that is in sipxrls.log when logging is set to info is:
>> "2011-05-14T20:22:24.917670Z":3:RLS:INFO:it.ippbx.co.brazos.tx.us:pid-20269:07A69B40:sipxrls:"SIP_RLS_LOG_CONSOLE : DISABLE"
>> "2011-05-14T20:22:24.917784Z":4:SIPDB:INFO:it.ippbx.co.brazos.tx.us:pid-20269:07A69B40:sipxrls:"initMutex.initialize returns dbInitializationMutex::AlreadyInitialized"
>>
>> I've tried restarting the RLS service a couple times to see if that would resolve it, as well as resending profiles to all servers with no luck. Is there something I've not done properly?
>>
>> Thanks
>>
>> Josh Patten
>> Brazos County Network Engineer
>> 979.361.4676
>>

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/

