Hi George, here it is. Seems OK but I don't know whether it needs/puts the (new or old) keys from the primary in the tar as well. In the /var/sipxdata/certdb are still the old primary keys that expired (gssipx02.internal.epo.org.crt). In the /etc/sipxpbx/ssl directory is the new ssl.crt that is valid. If it packs gssipx02.internal.epo.org then it packs old stuff........ .........checked the file, there are only valid certs for the ca and the box itself, file attached.
Paul George Niculae <[email protected]> wrote on 17-08-2012 09:12:45: > > Hi George, still not ok... > > > > I deleted the contents of the first 2 directories on the secondaries. > > The /var/sipxdata/certdb only exists on the master. > > First I only deleted the certs of the secondaries there, no success, still > > error when sending profiles. > > Then I deleted (backed up) also the rest of the files, no success. > > The secondary could no longer download the tar. > > Then I copied the new ca files (found in the directory where the keys for > > the secondary were generated by me) into the certdb directory > > I had only 4 files instead of 5, the .der file was missing (crt, csr, ser > > and key are the others) > > Again tar not downloadable: > > Invalid configuration returned from > > https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org > > exception tarfile.ReadError > > file could not be opened successfully > > headers > > Date: Thu, 16 Aug 2012 23:46:38 GMT > > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386 > > java/1.6.0_19^M > > Expires: 0^M > > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M > > Cache-Control: must-revalidate, post-check=0, pre-check=0^M > > Pragma: public^M > > Content-Disposition: attachment; > > filename="th.internal.epo.org.tar.gz"^M > > Content-Type: text/html^M > > Content-Length: 1282^M > > Connection: close^M > > > > #OK# > > > > Contact gssipx02.internal.epo.org > > > > I added sipxconfig.log again. > > If you have a suggestion then I would be happy. > > > > That's a problem with initial archive configuration could you manually run > > /usr/libexec/sipXecs/initial-config {location.fqdn} > > and check output? (make sure that you don't have any space in > hostnames after re adding servers, you could hit > http://track.sipfoundry.org/browse/XX-10183) > > George > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/
[root@gssipx02 sipXecs]# ./initial-config th.internal.epo.org `/etc/sipxpbx/domain-config' -> `/var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/domain-config' `/etc/sipxpbx/sipxsupervisor-config' -> `/var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/sipxsupervisor-config' NOT generating DNS record for secondary server Generating resolver configuration for secondary server by copying from master We need some information from you to generate the certificates: Country Name (2 letter code): US State or Province Name (full name): AnyState Locality Name (eg, city): AnyTown Organization Name (eg, company): internal.epo.org Organization Unit Name (eg, section): sipXecs ______________________________________________________________________ Identifying information for your private Certificate Authority (CA) CA Common Name: ca.gssipx02.internal.epo.org Email Contact Address for CA ([email protected]): [email protected] ______________________________________________________________________ Identifying information for the server: Full DNS name for the server: th.internal.epo.org ______________________________________________________________________ Identifying information for the SIP domain: SIP domain name: th.internal.epo.org Email Contact Address ([email protected]): [email protected] 2048 semi-random bytes loaded Generating server certificate request [th.internal.epo.org] ______________________________________________________________________ Generating RSA private key for server (1024 bit) 2048 semi-random bytes loaded Generating RSA private key, 1024 bit long modulus ...............++++++ ...++++++ e is 65537 (0x10001) ______________________________________________________________________ Generating X.509 certificate signing request for 'th.internal.epo.org' ______________________________________________________________________ Generating X.509 certificate signed by ca.gssipx02.internal.epo.org Signature ok subject=/C=US/ST=AnyState/L=AnyTown/O=internal.epo.org/OU=sipXecs/CN=th.internal.epo.org/[email protected] Getting CA Private Key ______________________________________________________________________ Generating PKCS#12 package To install your certificate, run the following command as root on the server: /usr/local/sipx/bin/ssl-cert/install-cert.sh Checking the 'th.internal.epo.org' certificate Installing 'ca.gssipx02.internal.epo.org.crt' certificate as a trusted CA `ca.gssipx02.internal.epo.org.crt' -> `/var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/ssl/authorities/ca.gssipx02.internal.epo.org.crt' hashing /var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/ssl/authorities ca.gssipx02.internal.epo.org.crt => c6310ad2.0 Installing the 'th.internal.epo.org' certificate (pem format) `th.internal.epo.org.crt' -> `/var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/ssl/ssl.crt' Installing the 'th.internal.epo.org' private key `th.internal.epo.org.key' -> `/var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/ssl/ssl.key' Generating web cert automatically `th.internal.epo.org.crt' -> `/var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/ssl/ssl-web.crt' Installing the 'th.internal.epo.org' private key `th.internal.epo.org.key' -> `/var/sipxdata/tmp/initial-config/th.internal.epo.org/etc/sipxpbx/ssl/ssl-web.key' Your TLS/SSL security is now configured. Your server certificate will expire Aug 17 07:47:07 2015 GMT. [root@gssipx02 sipXecs]#
th.internal.epo.org.tar.gz
Description: Binary data
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
