Have you tried latest version from the trunk?

Might be a bug tho, not sure, never used kannel with SSL.

Also opening sendsms script to the real world might be a not good
idea. I'd code special interface for the users to communicate.

2013/1/30 Rudy Matela <[email protected]>:
> Did a leap of faith and tried merging the three certificates into one
> file, no success:
>
> http://www.digicert.com/ssl-support/pem-ssl-creation.htm
>
> On Tue, Jan 29, 2013 at 6:29 PM, Rudy Matela <[email protected]> wrote:
>> Hello,
>>
>> I'm using Kannel for a while. And I'd like to activate ssl for it.
>>
>> I have a certificate that works well for my apache web server. It is
>> made by 3 files configured on Apache as follows:
>>
>> SSLCertificateFile mycertificatefile.crt
>> SSLCertificateKeyFile myprivatekey.key
>> SSLCertificateChainFile myintermediate.ca.pem
>> SSLCACertificateFile myca.pem
>>
>> As you can see, to make it work, I had to add an intermediate
>> certificate chain file. And a CA certificate file. There is no option
>> for that on Kannel. Is there a way to add that? Maybe put the contents
>> of myca and myintermediate inside mycertificate. Has anyone tried
>> that?
>>
>> My wget works my website:
>>
>> wget https://example.com
>>
>> but it does not work on kannel:
>>
>> wget https://example.com:13013/send-sms
>> --2013-01-29 18:12:41--  https://example.com:13013/send-sms
>> Resolving example.com (example.com)... 127.0.0.1
>> Connecting to example.com (example.com)|127.0.0.1|:13013... connected.
>> ERROR: cannot verify example.com's certificate, issued by
>> ‘/C=IL/O=SomeIssuer Ltd. Primary Intermediate Server CA’:
>>   Unable to locally verify the issuer's authority.
>> To connect to example.com insecurely, use `--no-check-certificate'.
>>
>> Regards,
>> Rudy
>>
>> PS:
>> I've already configured my keys and HTTP access.
>>
>> group = core
>> ssl-server-key-file = "/etc/ssl/private/mycertificate.crt"
>> ssl-server-cert-file = "/etc/ssl/certs/myprivatekey.crt"
>> admin-port-ssl = true
>>
>> group = smsbox
>> sendsms-port-ssl = true
>>
>> Also, my web browser already recognizes the keys without the need to
>> configure the Intermediate Server CA (since it trusts the authority of
>> the issues). Wget (and a bunch of other client libs) do not, and
>> expect the web server to respond indicating a intermediate server CA.
>>
>> PS2:
>>
>> Did some research already but found nothing here in the list.
>>
>> Regards,
>> Rudy
>

Reply via email to