Hi Bogdan, Thanks for your response to my earlier query. Im now trying to convert from modparam based definitions to provisioning certs from the DB. I cannot find a published example of a populated DB record in the tls_mgm table. Furthermore, the online documentation has gaps regarding DB Provisioning and it also contains this error: Section 1.7.14 describes a parameter db_mode, but if you try adding this it generates an error "parameter <db_mode> not found in module"
Can you please help with an example record or at least answer these questions: a) What to put in the 'domain' field if I only want to set up one default domain. Should it be "default"? b) What are the following fields. I am not sure what they should contain: 'address', 'type', 'crl_check_all', 'crl_dir' c) How does provisioning from DB interact with provisioning from static modparam values? I got errors when I commented out modparam statements for "certificate" and "private_key" because the module was still looking for the "default" files, even though I am now provisioning from the DB. This means there is now ambiguity - certificates are defined both in files in modparam and also in blob fields in the DB. I assume the blob fields 'certificate', 'private_key' and 'ca_list' must contain the contents of the certificate, not the path to the file. This means I'll need to write a script to copy these data from the renewed LetsEncrypt certificates before issuing the MI reload command. By the way, the online module documentation for tls_mgm has a duplicate section - 1.7.18 is same as 1.7.19 John Quick Smartvox Limited > Bogdan-Andrei Iancu bogdan at opensips.org > Thu Jul 26 07:56:18 EDT 2018 > Hi John, When the cert is configured via modparam, the cert is loaded on startup by OpenSIPS, so any renewal of the cert will have 0 impact on OpenSIPS - so you will have to restart after each renewal. > I suggest you to provision the certs via DB (and not script), so you can do a reload after renewal, with any need to restart opensips. > Regards, Bogdan-Andrei Iancu _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
