To issue the primary, the steps are the same.

1. generate the keys, then:
2. install the certs
but remember if you install a new certificate, same everything, "You can re-run sipxecs-setup as many times as you wish on any server. However, if you run it on the master server, note that a new CA certificate will be generated and hence you will need to run it on all the other servers of the cluster."

so perhaps shutting down services and running sipxecs-setup on each server, then start services...

On Sat, May 14, 2011 at 5:49 PM, Josh M. Patten <[email protected]> wrote:

> Also, wouldn’t http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys+and+Keystores be a better fit for what I need?
>
> Josh Patten
> Brazos County Network Engineer
> 979.361.4676
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Josh M. Patten
> *Sent:* Saturday, May 14, 2011 4:48 PM
> *To:* Discussion list for users of sipXecs software
> *Subject:* Re: [sipx-users] 4.4 sipXrls dead
>
> Does this work for redundant proxies as well or should I just completely redo those as well?
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Matthew Kitchin (public/usenet)
> *Sent:* Saturday, May 14, 2011 4:47 PM
> *To:* Discussion list for users of sipXecs software
> *Subject:* Re: [sipx-users] 4.4 sipXrls dead
>
> I have to do mine by hand, because the GUI won't work with Microsoft Active Directory Certificate Authority certs. As I was learning, I messed them up a lot and redid them several times. On one of my 4.2.1 -> 4.4 upgrades, something didn't go right apparently. You couldn't change a VM PIN from a handset. I now redo them right after a 4.4 upgrade as a precaution. My steps are below. A few of them are specific to my environment obviously.
>
> mkdir $HOME/sslkeys
> cd $HOME/sslkeys
> /usr/bin/ssl-cert/gen-ssl-keys.sh --csr
>
> Country Name (2 letter code) [] : US
> State or Province Name (full name) [] : Tennessee
> Locality Name (eg, city) [] : Nashville
> Organization Name (eg, company) [] : DSI
> Organization Unit Name (eg, section) [VoIP Services] :
>
> http://nshpwis7/certsrv/
> cat pbx.tx207.sipx.voip.csr
> Submit, and download as DER
>
> openssl x509 -in pbx.tx207.sipx.voip.cer -inform DER -out pbx.tx207.sipx.voip.crt -outform PEM
>
> mkdir /etc/sipxpbx/ssl/old
> cp -r /etc/sipxpbx/ssl/* /etc/sipxpbx/ssl/old/
>
> cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl-web.crt
> cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl-web.key
> cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl.crt
> cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl.key
> rm /etc/sipxpbx/ssl/ssl.keystore
> rm /etc/sipxpbx/ssl/ssl-web.keystore
>
> cp nshpwis7.dsi-corp.netCA.crt /etc/sipxpbx/ssl/authorities
> /usr/bin/ssl-cert/ca_rehash
>
> On 5/14/2011 4:40 PM, Josh M. Patten wrote:
>
> I don’t care, so long as it works.
>
> BTW I have verified this is an SSL problem because I cut resource-lists.xml down to just one list and now sipxrls.log is filled with those SSL errors. Have you had to redo your SSL stuff before?
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Matthew Kitchin (public/usenet)
> *Sent:* Saturday, May 14, 2011 4:38 PM
> *To:* [email protected]
> *Subject:* Re: [sipx-users] 4.4 sipXrls dead
>
> On 5/14/2011 4:13 PM, Josh M. Patten wrote:
>
> Also seeing:
>
> "2011-05-14T21:09:03.135356Z":7:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 1 'error:00000001:lib(0):func(0):reason(1)'"
>
> "2011-05-14T21:09:03.135398Z":8:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 336027900 'error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'"
>
> Anyone here savvy on recreating SSL certs?
>
> Do you want new ones, or try and fix/recover the old ones?
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Josh M. Patten
> *Sent:* Saturday, May 14, 2011 4:05 PM
> *To:* Discussion list for users of sipXecs software
> *Subject:* Re: [sipx-users] 4.4 sipXrls dead
>
> Yeah full backup. I somehow don’t think that will help, and I’ll explain why: Whenever Hoa was writing the fix for http://track.sipfoundry.org/browse/XX-8474 the time values that were used to “space out” requests were shortened slightly but not drastically in order to help changes finish sooner. Well, I think Dale W shortened it down too much for the final code and now if you have a huge RLS list (like I do) it will fill up the buffers before it can finish processing them and crash.
>
> Could someone with a little insight into the code look into this and let me know?
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Tony Graziano
> *Sent:* Saturday, May 14, 2011 3:58 PM
> *To:* Discussion list for users of sipXecs software
> *Subject:* Re: [sipx-users] 4.4 sipXrls dead
>
> I normally perform reboots between upgrades. I find it helps.
>
> java "is" a four letter word you know...
>
> You hopefully got a full backup first in the case?
>
> On May 14, 2011 4:47 PM, "Josh M. Patten" <[email protected]> wrote:
> > No, I'll do that. It appears that it maxes out and then core dumps, as I have a fresh core dump in /var/log/sipxpbx right after this message in sipxrls.log (this is the last message that's sent. After that it's radio silence.):
> >
> > "2011-05-14T20:43:20.797258Z":272:KERNEL:NOTICE:it.ippbx.co.brazos.tx.us:SipSubscribeClient-28:40D8A940:sipxrls:"OsMsgQShared::doSendCore message queue 'ResourceListTask-29' is over half full - count = 99, max = 100"
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of Tony Graziano
> > Sent: Saturday, May 14, 2011 3:45 PM
> > To: Discussion list for users of sipXecs software
> > Subject: Re: [sipx-users] 4.4 sipXrls dead
> >
> > have you tried an actual reboot?
> >
> > On May 14, 2011 4:33 PM, "Josh M. Patten" <[email protected]> wrote:
> >> Hmm it seems that more is unwell. All my services are now showing as "undefined" on my main server (redundant proxies are OK). I'm not quite sure where to begin my troubleshooting quest on this one. Anyone care point me in the right direction?
> >>
> >> From: [email protected] [mailto:[email protected]] On Behalf Of Josh M. Patten
> >> Sent: Saturday, May 14, 2011 3:27 PM
> >> To: [email protected]
> >> Subject: [sipx-users] 4.4 sipXrls dead
> >>
> >> After upgrading sipX from 4.2.1 to 4.4 this afternoon sipXrls will not respond to any requests and all that is in sipxrls.log when logging is set to info is:
> >> "2011-05-14T20:22:24.917670Z":3:RLS:INFO:it.ippbx.co.brazos.tx.us:pid-20269:07A69B40:sipxrls:"SIP_RLS_LOG_CONSOLE : DISABLE"
> >> "2011-05-14T20:22:24.917784Z":4:SIPDB:INFO:it.ippbx.co.brazos.tx.us:pid-20269:07A69B40:sipxrls:"initMutex.initialize returns dbInitializationMutex::AlreadyInitialized"
> >>
> >> I've tried restarting the RLS service a couple times to see if that would resolve it, as well as resending profiles to all servers with no luck. Is there something I've not done properly?
> >>
> >> Thanks
> >
> > _______________________________________________
> > sipx-users mailing list
> > [email protected]
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.326.5325
Email: [email protected]

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]

Helpdesk Contract Customers:
http://support.myitdepartment.net

Blog: http://blog.myitdepartment.net

Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
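Added example, not part of the thread and not sipXecs code: a Python parser for the sipxrls.log lines quoted above. It splits the quoted timestamp and message fields without breaking on their embedded colons, unpacks the decimal `SSL error:` number into OpenSSL's library, function and reason fields, and flags the queue-fill notice. The field names and the 8/12/12-bit packing (OpenSSL releases before 3.0) are assumptions of this example; the sample lines are copied from the thread.

```python
import re

# Layout inferred from the lines quoted in the thread; field names are this
# example's own: "ts":seq:facility:level:host:task:thread:process:"message"
LINE_RE = re.compile(
    r'^"(?P<ts>[^"]+)":(?P<seq>\d+):(?P<facility>[^:]+):(?P<level>[^:]+):'
    r'(?P<host>[^:]+):(?P<task>[^:]+):(?P<thread>[0-9A-Fa-f]+):'
    r'(?P<process>[^:]+):"(?P<msg>.*)"$')
SSL_RE = re.compile(r"SSL error: (\d+) 'error:([0-9A-Fa-f]{8}):")
QUEUE_RE = re.compile(r"message queue '([^']+)' .*count = (\d+), max = (\d+)")

# Sample input: three log lines copied from the thread.
SAMPLE = r'''
"2011-05-14T21:09:03.135356Z":7:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 1 'error:00000001:lib(0):func(0):reason(1)'"
"2011-05-14T21:09:03.135398Z":8:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 336027900 'error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'"
"2011-05-14T20:43:20.797258Z":272:KERNEL:NOTICE:it.ippbx.co.brazos.tx.us:SipSubscribeClient-28:40D8A940:sipxrls:"OsMsgQShared::doSendCore message queue 'ResourceListTask-29' is over half full - count = 99, max = 100"
'''.strip().splitlines()


def parse_line(line):
    """Split one log line into named fields, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def decode_openssl_error(code):
    """Unpack a pre-3.0 OpenSSL error word: 8-bit lib, 12-bit func, 12-bit reason."""
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF}


def findings(lines):
    """Return one record per line reporting a TLS error or a filling queue."""
    out = []
    for rec in filter(None, map(parse_line, lines)):
        base = {"ts": rec["ts"], "task": rec["task"]}
        ssl, queue = SSL_RE.search(rec["msg"]), QUEUE_RE.search(rec["msg"])
        if ssl:
            code = int(ssl.group(1))  # decimal form; the hex form must agree
            out.append({**base, "kind": "tls", **decode_openssl_error(code),
                        "hex_matches": code == int(ssl.group(2), 16)})
        elif queue:
            out.append({**base, "kind": "queue", "queue": queue.group(1),
                        "fill": int(queue.group(2)) / int(queue.group(3))})
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

The second record decodes to library 20, function 118, reason 252, which agrees with the `SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol` text in the same line. That reason is raised when the first bytes received on an accepting TLS socket do not parse as a ClientHello, so it is worth checking what the peer is sending as well as the certificates.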
