[Freeswitch-users] tls ca setup
Mitch Capper
mitch.capper at gmail.com
Mon Jul 2 18:26:45 MSD 2012
Thanks will get a patch on JIRA for it.
~Mitch
On Sun, Jul 1, 2012 at 7:09 PM, Alexandre Fiori <fiorix at gmail.com> wrote:
>
> Bria 3 suddenly stopped working on my mac, reporting this:
>
> All accounts failed to enable
>
> Account: test could not be enabled.
> Problem at server, error 503. Try again later.
>
> Nothing shows up on fs_cli, but tcpdump shows traffic. Changing sofia to
> loglevel 9 gives me this:
>
> tport_wakeup_pri(0x164dbd0): events IN
> tport_alloc_secondary(0x164dbd0): new secondary tport 0x7f39b9acce80
> tport_tls_accept(0x7f39b9acce80): new connection from
> tls/x.x.x.x:33351/sips
> tls_connect(0x7f39b9acce80): events NEGOTIATING
> tls_connect(0x7f39b9acce80): events NEGOTIATING
> tls_connect(0x7f39b9acce80): TLS setup failed
> (error:00000001:lib(0):func(0):reason(1))
> tport_close(0x7f39b9acce80): tls/x.x.x.x:33351/sips
>
> This is not a happy Canada day, where's my phone? It turns out the
> self-signed root CA generated by `gentls_cert setup` has expired.
> How I figured it out? First, on the server:
>
> # openssl x509 -noout -in /opt/freeswitch/conf/ssl/CA/cacert.pem -dates
> notBefore=Jun 2 01:44:26 2012 GMT
> notAfter=Jul 1 01:44:26 2012 GMT
>
> Second, because I opened https://my-server:5061 on Safari and got a "This
> certificate is not valid (expired root)".
>
> It seems the script is missing `-days`,
> here: http://git.freeswitch.org/git/freeswitch/tree/scripts/gentls_cert.in#n83
> Manually adding it fixed the problem.
>
>
> --
> Ship, ahoy! Hast seen the White Whale?
> - Cap'n Ahab
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list