[Freeswitch-users] Need help setting up Freeswitch with commercial SSL certificate

Tim Smith gb10hkzo-fs1 at yahoo.co.uk
Tue Aug 26 17:12:48 MSD 2014


Hi,

The story so far :

• I've installed new certs
• checked config in vars.xml is pointing to the right place
• restarted freeswitch entirely
• it is still using some sort of internal certificates ?? cafile and agent contain my certs and not those referred to in the openssl output ?? 

What am I missing ??

Thanks 

Tim



FreeSWITCH Version 1.4.8+git~20140821T185758Z~1fe89f530f~64bit (git 1fe89f5 2014-08-21 18:57:58Z 64bit)


/usr/local/freeswitch/conf/ssl# openssl verify -CAfile cafile.pem agent.pem
agent.pem: OK

/usr/local/freeswitch/conf# cat vars.xml | grep ssl
     valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>

$ openssl s_client -showcerts -connect my.server:5061
CONNECTED(00000003)
depth=0 /C=US/CN=FreeSWITCH
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/CN=FreeSWITCH
verify return:1
---
Certificate chain
 0 s:/C=US/CN=FreeSWITCH
   i:/C=US/CN=FreeSWITCH
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/CN=FreeSWITCH
issuer=/C=US/CN=FreeSWITCH
---
No client certificate CA names sent
---
SSL handshake has read 615 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx: 
    Master-Key:
    Key-Arg   : None
    Start Time:
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---




Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list