[Freeswitch-users] tls ca setup
Alexandre Fiori
fiorix at gmail.com
Mon Jul 2 06:09:38 MSD 2012
Bria 3 suddenly stopped working on my mac, reporting this:
All accounts failed to enable
Account: test could not be enabled.
Problem at server, error 503. Try again later.
Nothing shows up on fs_cli, but tcpdump shows traffic. Changing sofia to loglevel 9 gives me this:
tport_wakeup_pri(0x164dbd0): events IN
tport_alloc_secondary(0x164dbd0): new secondary tport 0x7f39b9acce80
tport_tls_accept(0x7f39b9acce80): new connection from tls/x.x.x.x:33351/sips
tls_connect(0x7f39b9acce80): events NEGOTIATING
tls_connect(0x7f39b9acce80): events NEGOTIATING
tls_connect(0x7f39b9acce80): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
tport_close(0x7f39b9acce80): tls/x.x.x.x:33351/sips
This is not a happy Canada day, where's my phone? It turns out the self-signed root CA generated by `gentls_cert setup` has expired.
How did I figure it out? First, on the server:
# openssl x509 -noout -in /opt/freeswitch/conf/ssl/CA/cacert.pem -dates
notBefore=Jun 2 01:44:26 2012 GMT
notAfter=Jul 1 01:44:26 2012 GMT
Second, because I opened https://my-server:5061 on Safari and got a "This certificate is not valid (expired root)".
It seems the script is missing `-days`, here: http://git.freeswitch.org/git/freeswitch/tree/scripts/gentls_cert.in#n83
Manually adding it fixed the problem.
--
Ship, ahoy! Hast seen the White Whale?
- Cap'n Ahab
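
An added example, not part of the original post or of FreeSWITCH: a small monitoring check that parses the `openssl x509 -noout -dates` output quoted in the message and classifies the certificate at a given time, so an expiring CA is flagged before TLS setup starts failing. The function names, the 14-day warning threshold and the evaluation clock are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Output of `openssl x509 -noout -dates` as quoted in the post above.
SAMPLE_DATES = """\
notBefore=Jun 2 01:44:26 2012 GMT
notAfter=Jul 1 01:44:26 2012 GMT
"""

def parse_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # split/join collapses the padding openssl uses for single-digit days
            stamp = " ".join(value.split())
            if not stamp.endswith(" GMT"):
                raise ValueError(f"unexpected timezone in {line!r}")
            parsed = datetime.strptime(stamp[:-4], "%b %d %H:%M:%S %Y")
            fields[key] = parsed.replace(tzinfo=timezone.utc)
    if len(fields) != 2:
        raise ValueError("need both notBefore and notAfter lines")
    return fields["notBefore"], fields["notAfter"]

def check_validity(text, now, warn_days=14):
    """Classify the certificate at `now`; warn_days is an assumed threshold."""
    not_before, not_after = parse_dates(text)
    lifetime = not_after - not_before
    if now < not_before:
        status = "not-yet-valid"
    elif now > not_after:  # the validity period includes notAfter itself
        status = "expired"
    elif not_after - now <= timedelta(days=warn_days):
        status = "expiring"
    else:
        status = "ok"
    return status, lifetime.days, not_after - now

if __name__ == "__main__":
    # Constructed clock: the post's timestamp (06:09:38 MSD is 02:09:38 UTC).
    posted = datetime(2012, 7, 2, 2, 9, 38, tzinfo=timezone.utc)
    status, lifetime_days, remaining = check_validity(SAMPLE_DATES, posted)
    print(f"{status}: lifetime {lifetime_days} days, remaining {remaining}")
```

A short lifetime in the result is itself worth alerting on, since it points at a certificate generated without an explicit validity period.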