[Freeswitch-users] Help!! FS -TLS interworking issue, How to config to allow "gentls_cert" to generate a root certificate with more longer valid-period ?

Mitch Capper mitch.capper at gmail.com
Wed Aug 1 20:00:45 MSD 2012


To make it easier I put up a version anyone can grab and it won't
trample your existing FS data (installs certs to /tmp/fs_test):
wget http://mitchcapper.com/gentls_cert && chmod +x gentls_cert
./gentls_cert setup && ./gentls_cert create_server
openssl x509 -noout -in /tmp/fs_test/agent.pem  -enddate
openssl x509 -noout -in /tmp/fs_test/cafile.pem  -enddate


Once done just rm /tmp/fs_test  and genttls_cert and there will be
nothing remaining from the test.
~Mitch



On Wed, Aug 1, 2012 at 8:46 AM, Mitch Capper <mitch.capper at gmail.com> wrote:
> Is anyone else able to confirm a problem on CentOS 5.7 with the
> genttls_cert from head?    I have tried it on CentOS 6 and some pre 5
> fedora boxes that all seem to work correctly but I do not have any
> running CentOS 5.  To test run:
> ./gentls_cert setup && ./gentls_cert create_server
> openssl x509 -noout -in /usr/local/freeswitch/conf/ssl/agent.pem  -enddate
> openssl x509 -noout -in /usr/local/freeswitch/conf/ssl/cafile.pem  -enddate
>
> The date should be in 2018.
>
> if you get any errors please let us know the error.
>
> ~Mitch
>
> On Wed, Aug 1, 2012 at 8:12 AM, Jerry Richards
> <jerry.richards at teotech.com> wrote:
>> The platform Robert and I are using is CentOS 5.7.
>>
>> Jerry
>>
>> -----Original Message-----
>> From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Mitch Capper
>> Sent: Wednesday, August 01, 2012 7:57 AM
>> To: FreeSWITCH Users Help
>> Subject: Re: [Freeswitch-users] Help!! FS -TLS interworking issue, How to config to allow "gentls_cert" to generate a root certificate with more longer valid-period ?
>>
>> The changes to the attached genttls script verse headis the DAYS was
>> set to 365 instead of 2190 (6 years).   In addition the days variable
>> was quoted in two places it was not quoted.   6 years should not be
>> the cause of any problems so we are left with the quoting.   I tested
>> across 4 platforms without finding the quoting to be an issue.
>>
>> Robert can you let us know what platform has an issue with the days param not being quoted for days = 2190?
>>
>> ~mitch
>>
>> On Mon, Jul 30, 2012 at 10:07 AM, Michael Collins <msc at freeswitch.org> wrote:
>>>
>>>
>>> On Mon, Jul 30, 2012 at 9:28 AM, Robert Hadley
>>> <robert.hadley at teotech.com>
>>> wrote:
>>>>
>>>> Hi Charles,
>>>>
>>>>
>>>>
>>>> Try the changes in this attached freeswitch/scripts/gentls_cert.in file.
>>>> There were a few typos in the original script.
>>>>
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Robert
>>>
>>>
>>> I'd like to verify that those typos are indeed really typos and are
>>> really fixed. If anyone has input on them please let me know and I
>>> will see about getting the gentls_cert.in file updated. I definitely
>>> would like to see this tested before we make any updates.
>>>
>>> Thanks,
>>> MC
>>>
>>> ______________________________________________________________________
>>> ___ Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> Join Us At ClueCon - Aug 7-9, 2012
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-use
>>> rs
>>> http://www.freeswitch.org
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>>  
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list