On Fri, Aug 17, 2012 at 11:06 AM, <[email protected]> wrote:
> Hi George, here it is.
>
> Seems OK but I don't know whether it needs/puts the (new or old) keys from
> the primary in the tar as well.
> In the /var/sipxdata/certdb are still the old primary keys that expired
> (gssipx02.internal.epo.org.crt).
Ah, this seems to be the issue. How did you regenerate keys on the
primary? That should be the correct procedure (notice step 2
deletes certdb as well):

1. stop all sipXecs services
2. delete all files in
     /etc/sipxpbx/ssl
     /etc/sipxpbx/ssl/authorities
     /var/sipxdata/certdb
3. In directory /var/sipxdata/certdb
     /usr/bin/ssl-cert/gen-ssl-keys.sh
     chown sipxchange:sipxchange *
     /usr/bin/ssl-cert/install-cert.sh
4. start sipXecs services

> In the /etc/sipxpbx/ssl directory is the new ssl.crt that is valid.
> If it packs gssipx02.internal.epo.org then it packs old stuff........
> .........checked the file, there are only valid certs for the ca and the box
> itself, file attached.
>
>
> Paul
>
> George Niculae <[email protected]> wrote on 17-08-2012 09:12:45:
>
>
>> > Hi George, still not ok...
>> >
>> > I deleted the contents of the first 2 directories on the secondaries.
>> > The /var/sipxdata/certdb only exists on the master.
>> > First I only deleted the certs of the secondaries there, no success, still
>> > error when sending profiles.
>> > Then I deleted (backed up) also the rest of the files, no success.
>> > The secondary could no longer download the tar.
>> > Then I copied the new ca files (found in the directory where the keys for
>> > the secondary were generated by me) into the certdb directory
>> > I had only 4 files instead of 5, the .der file was missing (crt, csr, ser
>> > and key are the others)
>> > Again tar not downloadable:
>> > Invalid configuration returned from
>> > https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
>> > exception tarfile.ReadError
>> > file could not be opened successfully
>> > headers
>> > Date: Thu, 16 Aug 2012 23:46:38 GMT
>> > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386 java/1.6.0_19^M
>> > Expires: 0^M
>> > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
>> > Cache-Control: must-revalidate, post-check=0, pre-check=0^M
>> > Pragma: public^M
>> > Content-Disposition: attachment; filename="th.internal.epo.org.tar.gz"^M
>> > Content-Type: text/html^M
>> > Content-Length: 1282^M
>> > Connection: close^M
>> >
>> > #OK#
>> >
>> > Contact gssipx02.internal.epo.org
>> >
>> > I added sipxconfig.log again.
>> > If you have a suggestion then I would be happy.
>> >
>>
>> That's a problem with initial archive configuration. Could you manually run
>>
>> /usr/libexec/sipXecs/initial-config {location.fqdn}
>>
>> and check output? (make sure that you don't have any space in
>> hostnames after re-adding servers, you could hit
>> http://track.sipfoundry.org/browse/XX-10183)
>>
>> George
>
>> _______________________________________________
>> sipx-users mailing list
>> [email protected]
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
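
The header dump quoted in this thread pairs a `.tar.gz` filename with `Content-Type: text/html` and a `tarfile.ReadError`. As an added example (not part of the original thread and not sipXecs code), this Python check tests whether a response saved from the initial-config URL is a readable gzip tar; the function names, sample bodies and archive member names are constructed for illustration.

```python
import io
import tarfile
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream

def diagnose_initial_config(headers, body):
    """Return (findings, member_names) for one initial-config HTTP response."""
    findings = []
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    disposition = headers.get("Content-Disposition", "")
    if ".tar.gz" in disposition and ctype.startswith("text/"):
        findings.append("content-type %s does not match archive filename" % ctype)
    declared = headers.get("Content-Length")
    if declared is not None and int(declared) != len(body):
        findings.append("body is %d bytes, header says %s" % (len(body), declared))
    if not body.startswith(GZIP_MAGIC):
        findings.append("body lacks gzip magic, first bytes: %r" % body[:16])
        return findings, []
    try:
        with tarfile.open(fileobj=io.BytesIO(body), mode="r:gz") as tar:
            members = sorted(m.name for m in tar.getmembers())
    except (tarfile.ReadError, OSError, EOFError, zlib.error) as exc:
        findings.append("gzip header present but archive unreadable: %s" % exc)
        return findings, []
    return findings, members

def build_sample_archive(names):
    """Constructed sample: an in-memory tar.gz holding empty placeholder files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name), io.BytesIO(b""))
    return buf.getvalue()

# Constructed inputs; header names and the filename follow the dump in the thread.
BAD_HEADERS = {
    "Content-Disposition": 'attachment; filename="th.internal.epo.org.tar.gz"',
    "Content-Type": "text/html",
}
BAD_BODY = b"<html><body>error page placeholder</body></html>"  # constructed
GOOD_HEADERS = dict(BAD_HEADERS, **{"Content-Type": "application/x-gzip"})
GOOD_BODY = build_sample_archive(["ssl/ssl.crt", "ssl/ssl.key"])  # placeholder names

if __name__ == "__main__":
    for label, h, b in (("bad", BAD_HEADERS, BAD_BODY), ("good", GOOD_HEADERS, GOOD_BODY)):
        print(label, diagnose_initial_config(h, b))
```

When the body fails the gzip check, reading it as text usually shows the server-side error that replaced the archive.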