In addition to doing this you should also add these chain certificates to the web certificate you upload to sipxconfig. This is so that the full certificate chain can be loaded and presented to browsers. To do this simply add the intermediate certificate chains to the beginning of the web SSL cert like so:
-----BEGIN CERTIFICATE----- intermediate-cert-text-goes-here -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- 2nd-intermediate-cert-text-goes-here -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- 3rd-intermediate-cert-text-goes-here -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- SSL-cert-text-goes-here -----END CERTIFICATE----- On Fri, Apr 20, 2012 at 4:09 PM, Robert Schroeder < [email protected]> wrote: > I also had to drop the Certificate Authorities CRT files for GoDaddy of > gd-class2-root.crt, gd_intermediate.crt & gdroot-g2.crt into the( > /etc/sipxpbx/ssl/authorities ) directory. I restarted the sipxecs service > and then proceeded to add the web certificate downloaded from GoDaddy.**** > > ** ** > > sipXecs System/Certificate Authorities area would not allow me to add the > CA CRT files for GoDaddy via the web administration portal. That is why I > published the above information.**** > > ** ** > > Thanks everyone…**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Robert Schroeder > *Sent:* Friday, April 20, 2012 4:50 PM > *To:* [email protected] > > *Subject:* Re: [sipx-users] Generate CSR Question**** > > ** ** > > Yeps, no luck in the search.**** > > ** ** > > However Jim Nolen of IIPS was a great help and gave me the following > information to solve the problem.**** > > ** ** > > Edit: /usr/bin/ssl-cert/gen-ssl-keys.sh:**** > > ServerKeyBits=1024 [change to 2048]**** > > ** ** > > If I knew how to add this info to the wiki I would. Perhaps a feature > could be added to ask the user hitting the generate button if they would > like a 1024, 2048 or 4096 CSR.**** > > ** ** > > Thanks Mr. Nolen for the help (Smiles)**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Michael Picher > *Sent:* Friday, April 20, 2012 4:35 PM > *To:* Discussion list for users of sipXecs software > *Subject:* Re: [sipx-users] Generate CSR Question**** > > ** ** > > did you check the wiki?**** > > On Fri, Apr 20, 2012 at 4:21 PM, Robert Schroeder < > [email protected]> wrote:**** > > How do I change the configuration for the certificates area to generate a > 2048 bit key instead of a 1024? I have changed the openssl.cnf file in > /etc/pki/tls/ location and selected the generate button and still no 2048 > key is generated.**** > > **** > > I am sure this is an educational issue on my part.**** > > **** > > Yes I have searched the wiki site.**** > > **** > > Thanks everyone,**** > > **** > > Rob**** > > ** ** > ------------------------------ > > > NOTICE: This electronic mail message and any content within it are intended > exclusively for the individual(s) or > > entities to which it is addressed. The message, together with any attachments > and all other content, may contain > > confidential and/or privileged information. Any unauthorized review, use, > print, save, copy, disclosure or distribution > > is strictly prohibited. If you have received this message in error, please > immediately advise the sender by reply email > and delete all copies.**** > > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/**** > > > > **** > > ** ** > > -- > Michael Picher, Director of Technical Services > eZuce, Inc.**** > > 300 Brickstone Square**** > > Suite 201**** > > Andover, MA. 01810**** > > O.978-296-1005 X2015 > M.207-956-0262 > @mpicher <http://twitter.com/mpicher> > www.ezuce.com**** > > ** ** > > > ------------------------------------------------------------------------------------------------------------ > **** > > There are 10 kinds of people in the world, those who understand binary and > those who don't.**** > > ** ** > > ** ** > ------------------------------ > > > NOTICE: This electronic mail message and any content within it are intended > exclusively for the individual(s) or > > entities to which it is addressed. The message, together with any attachments > and all other content, may contain > > confidential and/or privileged information. Any unauthorized review, use, > print, save, copy, disclosure or distribution > > is strictly prohibited. If you have received this message in error, please > immediately advise the sender by reply email > and delete all copies.**** > > > ------------------------------ > > NOTICE: This electronic mail message and any content within it are intended > exclusively for the individual(s) or > > entities to which it is addressed. The message, together with any attachments > and all other content, may contain > > confidential and/or privileged information. Any unauthorized review, use, > print, save, copy, disclosure or distribution > > is strictly prohibited. If you have received this message in error, please > immediately advise the sender by reply email > and delete all copies. > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- Josh Patten eZuce Solutions Architect O.978-296-1005 X2050 M.979-574-5699 http://www.ezuce.com
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
