[Freeswitch-users] Need help setting up Freeswitch with commercial SSL certificate

Steven Ayre steveayre at gmail.com
Tue Aug 26 20:50:43 MSD 2014


Check the tls-cert-dir parameter of the SIP profile. Those are only setting
variables; they may or may not be used by the actual profile.


On 26 August 2014 14:12, Tim Smith <gb10hkzo-fs1 at yahoo.co.uk> wrote:

> Hi,
>
> The story so far :
>
> • I've installed new certs
> • checked config in vars.xml is pointing to the right place
> • restarted freeswitch entirely
> • it is still using some sort of internal certificates ?? cafile and agent
> contain my certs and not those referred to in the openssl output ??
>
> What am I missing ??
>
> Thanks
>
> Tim
>
>
>
> FreeSWITCH Version 1.4.8+git~20140821T185758Z~1fe89f530f~64bit (git
> 1fe89f5 2014-08-21 18:57:58Z 64bit)
>
>
> /usr/local/freeswitch/conf/ssl# openssl verify -CAfile cafile.pem agent.pem
> agent.pem: OK
>
> /usr/local/freeswitch/conf# cat vars.xml | grep ssl
>      valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
>   <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
>   <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
>   <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
>   <X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>
>
> $ openssl s_client -showcerts -connect my.server:5061
> CONNECTED(00000003)
> depth=0 /C=US/CN=FreeSWITCH
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=US/CN=FreeSWITCH
> verify return:1
> ---
> Certificate chain
>  0 s:/C=US/CN=FreeSWITCH
>    i:/C=US/CN=FreeSWITCH
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> ---
> Server certificate
> subject=/C=US/CN=FreeSWITCH
> issuer=/C=US/CN=FreeSWITCH
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 615 bytes and written 328 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : AES256-SHA
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     Key-Arg   : None
>     Start Time:
>     Timeout   : 300 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
>
>
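Added example, not part of the original messages and not FreeSWITCH code: a small Python check of the point made in the reply, that a variable set in vars.xml only matters if the SIP profile's own tls-cert-dir parameter references it. The vars.xml lines mirror those quoted above; the two profile fragments, the `tls` parameter shown in them and the `base_dir` value are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input. The vars.xml lines mirror those quoted in the
# thread; both profile fragments are hypothetical.
VARS_XML = """<include>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
</include>"""
PROFILE_WIRED = """<profile name="internal"><settings>
  <param name="tls" value="$${internal_ssl_enable}"/>
  <param name="tls-cert-dir" value="$${internal_ssl_dir}"/>
</settings></profile>"""
PROFILE_UNWIRED = """<profile name="internal"><settings>
  <param name="tls" value="$${internal_ssl_enable}"/>
  <!-- <param name="tls-cert-dir" value="$${internal_ssl_dir}"/> -->
</settings></profile>"""

VAR_REF = re.compile(r"\$\$\{([^}]+)\}")

def expand(value, env):
    """Substitute $${name} references; unknown names are left untouched."""
    return VAR_REF.sub(lambda m: env.get(m.group(1), m.group(0)), value)

def load_vars(vars_xml, builtins):
    """Collect cmd="set" assignments in order, expanding earlier variables."""
    env = dict(builtins)
    for el in ET.fromstring(vars_xml).iter("X-PRE-PROCESS"):
        if el.get("cmd") == "set":
            name, _, value = el.get("data", "").partition("=")
            env[name.strip()] = expand(value, env)
    return env

def effective_tls(profile_xml, env):
    """Return (tls enabled?, tls-cert-dir) as the profile itself defines them.
    Commented-out params are ignored by the XML parser, so they do not count."""
    params = {p.get("name"): expand(p.get("value", ""), env)
              for p in ET.fromstring(profile_xml).iter("param")}
    return params.get("tls") == "true", params.get("tls-cert-dir")

if __name__ == "__main__":
    # base_dir is taken from the paths shown in the thread (assumption).
    env = load_vars(VARS_XML, {"base_dir": "/usr/local/freeswitch"})
    for label, xml in (("wired", PROFILE_WIRED), ("unwired", PROFILE_UNWIRED)):
        enabled, cert_dir = effective_tls(xml, env)
        print(f"{label}: tls={enabled} tls-cert-dir={cert_dir}")
```

A result of `None` for tls-cert-dir means the profile never reads the directory configured in vars.xml, so certificates installed there are not the ones the profile was told to use.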

