[Freeswitch-users] FS with SSL/TLS issues!

adahary adahary at gmail.com
Sun Nov 10 20:52:01 MSK 2013


Brian,

In this session you adviced to use StartSSL to simplify the clients TLS
connection to FS.
"cat the key and the cert into agent.pem and the chain cert into cafile.pem
and fire it up... "

I'm already using StartSSL for my HTTPS web site and would like to use it as
well for my FS server.

I have the following files:
In /etc/pki/tls/private/:
my.key (my server domain key)
my.csr

In /etc/pki/tls/certs/:
my.crt  (generated by startssl from my.key & my.csr)
ca.pem  (from startssl site)
sub.class1.server.ca.pem  (from startssl site)

I've follow your suggestion and did the following:
cat my.key my.crt > agent.pem
cat ca.pem sub.class1.server.ca.pem > cafile.pem.
restarted the server and sucessfuly reloaded mod_sofia (no errors).

I've setup FS vars&sip_prfile.
I use CSipSimple with TLS/Sips config (I've verified that StartSSL is on the
CA list).

Unfortunatly, I keep getting this error:

tport_tls.c:869 tls_connect() tls_connect(0xb780bff8): events NEGOTIATING
tport_tls.c:869 tls_connect() tls_connect(0xb780bff8): events NEGOTIATING
tport_tls.c:958 tls_connect() tls_connect(0xb780bff8): TLS setup failed
(error:00000001:lib(0):func(0):reason(1)).

Please advice how to setup the StartSSL files correctly for the client to
connect over TLS.

thanks

Assaf




--
View this message in context: http://freeswitch-users.2379917.n2.nabble.com/FS-with-SSL-TLS-issues-tp7587736p7595985.html
Sent from the freeswitch-users mailing list archive at Nabble.com.



Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list