[Freeswitch-docs] [Freeswitch-users] Letsencrypt and TLS
Michael Jerris
mike at jerris.com
Mon Dec 5 20:57:37 MSK 2016
Yes, this is mostly covered by this:
https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie#Debian8Jessie-Scriptinstallfreeswitchdemowithverto_communicator <https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie#Debian8Jessie-Scriptinstallfreeswitchdemowithverto_communicator>
Mike
> On Dec 5, 2016, at 8:23 AM, Brian West <brian at freeswitch.org> wrote:
>
> Don't we have something similar to this already in confluence?
>
>
> ---------- Forwarded message ----------
> From: Rajil Saraswat <rajil.s at gmail.com <mailto:rajil.s at gmail.com>>
> Date: Sat, Dec 3, 2016 at 6:10 PM
> Subject: Re: [Freeswitch-users] Letsencrypt and TLS
> To: freeswitch-users at lists.freeswitch.org <mailto:freeswitch-users at lists.freeswitch.org>
>
>
> I was able to use the Letsencrypt certificate (domain is pbx.blah.com <http://pbx.blah.com/>) using the following:
>
>
> cat /etc/letsencrypt/live/pbx.blah.com/fullchain.pem <http://pbx.blah.com/fullchain.pem> /etc/letsencrypt/live/pbx.blah.com/privkey.pem <http://pbx.blah.com/privkey.pem> > /etc/freeswitch/conf/ssl/agent.pem
>
> The root CA was DST as shown by:
> openssl x509 -in /etc/letsencrypt/live/pbx.blah.com/chain.pem <http://pbx.blah.com/chain.pem> -noout -issuer
>
> Thus the DST_Root_CA_X3.pem was obtained from:
> https://www.identrust.com/certificates/trustid/root-download-x3.html <https://www.identrust.com/certificates/trustid/root-download-x3.html>
>
> The cafile was generated using:
> cat /etc/letsencrypt/live/pbx.blah.com/chain.pem <http://pbx.blah.com/chain.pem> DST_Root_CA_X3.pem > /etc/freeswitch/conf/ssl/cafile.pem
>
> Finally checked
> # openssl verify -CAfile cafile.pem agent.pem
> agent.pem: OK
>
> Hope this is helpful to somebody.
>
> On 11/21/2016 11:09 AM, Michael Jerris wrote:
>> there are some instructions here:
>>
>> https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie#Debian8Jessie-Scriptinstallfreeswitchdemowithverto_communicator <https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie#Debian8Jessie-Scriptinstallfreeswitchdemowithverto_communicator>
>>
>>> On Nov 21, 2016, at 11:50 AM, Rajil Saraswat <rajil.s at gmail.com <mailto:rajil.s at gmail.com>> wrote:
>>>
>>> Hello,
>>>
>>> I have been using self generated certificates (https://wiki.freeswitch.org/wiki/SIP_TLS <https://wiki.freeswitch.org/wiki/SIP_TLS>) until now.
>>> Is it possible to use Letsencrypt generated certificates for TLS?
>>>
>>> Thanks
>>>
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org <http://www.freeswitch.org/>
>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>> http://www.cluecon.com <http://www.cluecon.com/>
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org <http://www.freeswitch.org/>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
>
>
>
> --
> Brian West
> brian at freeswitch.org <mailto:brian at freeswitch.org>
>
> Twitter: @FreeSWITCH , @briankwest
> http://www.freeswitchbook.com <http://www.freeswitchbook.com/> (50% Discount using code FreeSwitch50)
> http://www.freeswitchcookbook.com <http://www.freeswitchcookbook.com/> (50% Discount using code FreeSwitch50)
> https://www.gofundme.com/freeswitch_ubuntu <https://www.gofundme.com/freeswitch_ubuntu>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit: /r/freeswitch <https://www.reddit.com/r/freeswitch>
> T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
> iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest
>
> _______________________________________________
> Freeswitch-docs mailing list
> Freeswitch-docs at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-docs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-docs/attachments/20161205/a601c1a8/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the Freeswitch-docs
mailing list