Have you tried latest version from the trunk? Might be a bug tho, not sure, never used kannel with SSL.
Also opening sendsms script to the real world might be a not good idea. I'd code special interface for the users to communicate. 2013/1/30 Rudy Matela <[email protected]>: > Did a leap of faith and tried merging the three certificates into one > file, no success: > > http://www.digicert.com/ssl-support/pem-ssl-creation.htm > > On Tue, Jan 29, 2013 at 6:29 PM, Rudy Matela <[email protected]> wrote: >> Hello, >> >> I'm using Kannel for a while. And I'd like to activate ssl for it. >> >> I have a certificate that works well for my apache web server. It is >> made by 3 files configured on Apache as follows: >> >> SSLCertificateFile mycertificatefile.crt >> SSLCertificateKeyFile myprivatekey.key >> SSLCertificateChainFile myintermediate.ca.pem >> SSLCACertificateFile myca.pem >> >> As you can see, to make it work, I had to add an intermediate >> certificate chain file. And a CA certificate file. There is no option >> for that on Kannel. Is there a way to add that? Maybe put the contents >> of myca and myintermediate inside mycertificate. Has anyone tried >> that? >> >> My wget works my website: >> >> wget https://example.com >> >> but it does not work on kannel: >> >> wget https://example.com:13013/send-sms >> --2013-01-29 18:12:41-- https://example.com:13013/send-sms >> Resolving example.com (example.com)... 127.0.0.1 >> Connecting to example.com (example.com)|127.0.0.1|:13013... connected. >> ERROR: cannot verify example.com's certificate, issued by >> ‘/C=IL/O=SomeIssuer Ltd. Primary Intermediate Server CA’: >> Unable to locally verify the issuer's authority. >> To connect to example.com insecurely, use `--no-check-certificate'. >> >> Regards, >> Rudy >> >> PS: >> I've already configured my keys and HTTP access. >> >> group = core >> ssl-server-key-file = "/etc/ssl/private/mycertificate.crt" >> ssl-server-cert-file = "/etc/ssl/certs/myprivatekey.crt" >> admin-port-ssl = true >> >> group = smsbox >> sendsms-port-ssl = true >> >> Also, my web browser already recognizes the keys without the need to >> configure the Intermediate Server CA (since it trusts the authority of >> the issues). Wget (and a bunch of other client libs) do not, and >> expect the web server to respond indicating a intermediate server CA. >> >> PS2: >> >> Did some research already but found nothing here in the list. >> >> Regards, >> Rudy >
