[Freeswitch-users] tls ca setup

Mitch Capper mitch.capper at gmail.com
Mon Jul 2 18:26:45 MSD 2012


Thanks will get a patch on JIRA for it.

~Mitch

On Sun, Jul 1, 2012 at 7:09 PM, Alexandre Fiori <fiorix at gmail.com> wrote:
>
> Bria 3 suddenly stopped working on my mac, reporting this:
>
>   All accounts failed to enable
>
>   Account: test could not be enabled.
>   Problem at server, error 503. Try again later.
>
> Nothing shows up on fs_cli, but tcpdump shows traffic. Changing sofia to
> loglevel 9 gives me this:
>
>   tport_wakeup_pri(0x164dbd0): events IN
>   tport_alloc_secondary(0x164dbd0): new secondary tport 0x7f39b9acce80
>   tport_tls_accept(0x7f39b9acce80): new connection from
> tls/x.x.x.x:33351/sips
>   tls_connect(0x7f39b9acce80): events NEGOTIATING
>   tls_connect(0x7f39b9acce80): events NEGOTIATING
>   tls_connect(0x7f39b9acce80): TLS setup failed
> (error:00000001:lib(0):func(0):reason(1))
>   tport_close(0x7f39b9acce80): tls/x.x.x.x:33351/sips
>
> This is not a happy Canada day, where's my phone? It turns out the
> self-signed root CA generated by `gentls_cert setup` has expired.
> How I figured it out? First, on the server:
>
>   # openssl x509 -noout -in /opt/freeswitch/conf/ssl/CA/cacert.pem -dates
>   notBefore=Jun  2 01:44:26 2012 GMT
>   notAfter=Jul  1 01:44:26 2012 GMT
>
> Second, because I opened https://my-server:5061 on Safari and got a "This
> certificate is not valid (expired root)".
>
> It seems the script is missing `-days`,
> here: http://git.freeswitch.org/git/freeswitch/tree/scripts/gentls_cert.in#n83
> Manually adding it fixed the problem.
>
>
> --
> Ship, ahoy! Hast seen the White Whale?
>   - Cap'n Ahab
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list