OK so I did the following: Removed everything from /var/sipxdata/certdb except SSL_DEFAULTS and rnd_seed Stopped sipX
Ran /usr/bin/ssl-cert/gen-ssl-keys.sh Ran /usr/bin/ssl-cert/install-cert.sh Started sipX Now the certificate authority is correct but I'm still having SSL issues. Here's what's not working as a result of this: Voicemail deposit (call 8+ext, silence is heard for 1 second and call is disconnected. No prompts.) RLS (service will completely fill up RAM if not killed. Sucker had 13 GB RAM and 4 GB swap filled up by this morning) Adding redundant servers (servers show green checkmarks next to their services but registrations do not propagate between servers) Any insight at this point would be greatly appreciated. I've prepared my boss that we'll probably have to create an open purchase order for hourly support if I can't get this thing going by this afternoon (hey, we did it for our legacy PBX, no reason why we shouldn't be able to for this). Josh Patten Brazos County Network Engineer 979.361.4676 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Josh M. Patten Sent: Sunday, May 15, 2011 10:27 AM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead # keytool -list -v -keystore authorities.jks Enter keystore password: changeit Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: commons-ssl-0 Creation date: May 15, 2011 Entry type: trustedCertEntry Owner: [email protected], CN=ca.it.ippbx.co.brazos.tx.us, OU=sipXecs, O=ippbx.co.brazos.tx.us, L=AnyTown, ST=AnyState, C=US Issuer: [email protected], CN=ca.it.ippbx.co.brazos.tx.us, OU=sipXecs, O=ippbx.co.brazos.tx.us, L=AnyTown, ST=AnyState, C=US Serial number: 13c8f89 Valid from: Thu Jun 11 19:41:31 CDT 2009 until: Sun Jun 09 19:41:31 CDT 2019 Certificate fingerprints: MD5: 1D:7A:92:F4:46:6F:68:99:EC:7C:7C:1B:45:D6:A7:34 SHA1: CD:02:A5:11:D4:70:C1:56:FD:75:D0:C8:DA:05:74:61:FE:63:2D:88 Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:0 ] #2: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL CA ] #3: ObjectId: 2.16.840.1.113730.1.13 Criticality=false ******************************************* ******************************************* It appears my assumption might be correct. That CA is from when this system was originally built and I think the SSL certs being created are based on a different CA. So how do I go about taking the CA that /bin/ssl-cert/gen-ssl-keys.sh creates and putting it into place? Josh Patten Brazos County Network Engineer 979.361.4676 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Josh M. Patten Sent: Sunday, May 15, 2011 10:07 AM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead All files have correct permissions. I'm starting to think this is an issue with the CA because I'm noticing that while the certificate files are changing the CA is still the original one. Josh Patten Brazos County Network Engineer 979.361.4676 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of George Niculae Sent: Sunday, May 15, 2011 2:31 AM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead Just to be sure is not the same issue I've noticed some time ago - could you check the permissions of sipXecs files? I've seen something similar after an update when files permission was changed to root:root... On Sunday, May 15, 2011, Josh M. Patten <[email protected]> wrote: > > > > > > > It wasn't but I installed it shortly after upgrading. I was one of the > installs that had the RPM dependency problem relating to the g729 passthrough > RPM that required removing that RPM (happened to other people on this list) > which in turn removed the sipxecs pseudopackage. Once I reinstalled the > pseudopackage sipxacccode was installed. > > > > From: [email protected] > [[email protected]] on behalf of Tony Graziano > [[email protected]] > Sent: Saturday, May 14, 2011 9:23 PM > To: Discussion list for users of sipXecs software > Subject: Re: [sipx-users] 4.4 sipXrls dead > > > > is sipxacccode rpm installed? > > On Sat, May 14, 2011 at 9:47 PM, Josh M. Patten > <[email protected]> wrote: > > > > I've attached the last 500 lines of my sipxsupervisor.log (looks > nothing like that) > > Basically it's telling me what I already know, that SSL is borked. I just > don't really know how to fix it. I've tried the normal methods and they didnt > work. > > > > From: > [email protected] > [[email protected]] on behalf of Tony Graziano > [[email protected]] > > Sent: Saturday, May 14, 2011 8:41 PM > > To: Discussion list for users of sipXecs software > Subject: Re: [sipx-users] 4.4 sipXrls dead > > > > > > > does your issue resemble these messages? > http://track.sipfoundry.org/secure/attachment/19154/sipxsupervisor.log > On May 14, 2011 9:32 PM, "Josh M. Patten" <[email protected]> wrote: >> All packages are 4.4.0-192 or 4.4.0-202 >> >> Verified with both yum and rpm -qa >> ________________________________ >> From: [email protected] >> [[email protected]] on behalf of Tony > Graziano [[email protected]] >> Sent: Saturday, May 14, 2011 8:21 PM >> To: Discussion list for users of sipXecs software >> Subject: Re: [sipx-users] 4.4 sipXrls dead >> >> >> sipxconfig gui is functional so port 8443 is reachable. did you check ans >> make sure all your packages updated and that you don't have two versions of >> one package either? >> >> On May 14, 2011 9:12 PM, "Josh M. Patten" >> <[email protected]<mailto:[email protected]>> wrote: > > > > > > > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: > http://list.sipfoundry.org/archive/sipx-users/ > > > > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: [email protected] > Fax: 434.326.5325 > > Email: [email protected] > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > > Helpdesk Contract Customers: > http://support.myitdepartment.net > > > <http://support.myitdepartment.net>Blog: > http://blog.myitdepartment.net > > > Linked-In Profile: http://www.l > <http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4> > > > > _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
