[Freeswitch-users] Need help setting up Freeswitch with commercial SSL certificate
Tim Smith
gb10hkzo-fs1 at yahoo.co.uk
Tue Aug 26 17:12:48 MSD 2014
Hi,
The story so far :
• I've installed new certs
• checked config in vars.xml is pointing to the right place
• restarted freeswitch entirely
• it is still using some sort of internal certificates ?? cafile and agent contain my certs and not those referred to in the openssl output ??
What am I missing ??
Thanks
Tim
FreeSWITCH Version 1.4.8+git~20140821T185758Z~1fe89f530f~64bit (git 1fe89f5 2014-08-21 18:57:58Z 64bit)
/usr/local/freeswitch/conf/ssl# openssl verify -CAfile cafile.pem agent.pem
agent.pem: OK
/usr/local/freeswitch/conf# cat vars.xml | grep ssl
valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>
$ openssl s_client -showcerts -connect my.server:5061
CONNECTED(00000003)
depth=0 /C=US/CN=FreeSWITCH
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/CN=FreeSWITCH
verify return:1
---
Certificate chain
0 s:/C=US/CN=FreeSWITCH
i:/C=US/CN=FreeSWITCH
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/CN=FreeSWITCH
issuer=/C=US/CN=FreeSWITCH
---
No client certificate CA names sent
---
SSL handshake has read 615 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Start Time:
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list