[Freeswitch-users] Need help setting up Freeswitch with commercial SSL certificate

Tim Smith randomdev4 at gmail.com
Tue Aug 26 21:07:44 MSD 2014


Hi Steven,

As you can see, per default config, the only place "tls-cert-dir" is
mentioned is commented out.  I don't have it in any individual profiles
either....

/usr/local/freeswitch/conf$  find . -name '*.xml' -print0 | xargs -0 grep 'tls-cert-dir'
./sip_profiles/internal.xml:    <!--<param name="tls-cert-dir" value=""/>-->
./sip_profiles/external.xml:    <!--<param name="tls-cert-dir" value=""/>-->


Tim


On 26 August 2014 17:50, Steven Ayre <steveayre at gmail.com> wrote:

> Check the tls-cert-dir parameter of the SIP profile. Those are only
> setting variables, they may or may not be used by the actual profile.
>
>
> On 26 August 2014 14:12, Tim Smith <gb10hkzo-fs1 at yahoo.co.uk> wrote:
>
>> Hi,
>>
>> The story so far :
>>
>> • I've installed new certs
>> • checked config in vars.xml is pointing to the right place
>> • restarted freeswitch entirely
>> • it is still using some sort of internal certificates ?? cafile and
>> agent contain my certs and not those referred to in the openssl output ??
>>
>> What am I missing ??
>>
>> Thanks
>>
>> Tim
>>
>>
>>
>> FreeSWITCH Version 1.4.8+git~20140821T185758Z~1fe89f530f~64bit (git
>> 1fe89f5 2014-08-21 18:57:58Z 64bit)
>>
>>
>> /usr/local/freeswitch/conf/ssl# openssl verify -CAfile cafile.pem agent.pem
>> agent.pem: OK
>>
>> /usr/local/freeswitch/conf# cat vars.xml | grep ssl
>>      valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
>>   <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
>>   <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
>>   <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
>>   <X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>
>>
>> $ openssl s_client -showcerts -connect my.server:5061
>> CONNECTED(00000003)
>> depth=0 /C=US/CN=FreeSWITCH
>> verify error:num=18:self signed certificate
>> verify return:1
>> depth=0 /C=US/CN=FreeSWITCH
>> verify return:1
>> ---
>> Certificate chain
>>  0 s:/C=US/CN=FreeSWITCH
>>    i:/C=US/CN=FreeSWITCH
>> -----BEGIN CERTIFICATE-----
>> -----END CERTIFICATE-----
>> ---
>> Server certificate
>> subject=/C=US/CN=FreeSWITCH
>> issuer=/C=US/CN=FreeSWITCH
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 615 bytes and written 328 bytes
>> ---
>> New, TLSv1/SSLv3, Cipher is AES256-SHA
>> Server public key is 1024 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> SSL-Session:
>>     Protocol  : TLSv1
>>     Cipher    : AES256-SHA
>>     Session-ID:
>>     Session-ID-ctx:
>>     Master-Key:
>>     Key-Arg   : None
>>     Start Time:
>>     Timeout   : 300 (sec)
>>     Verify return code: 18 (self signed certificate)
>> ---
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> 
>> 
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
>
>
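The check discussed in this thread, as an added example that is not part of the original messages: it separates TLS params that are active in a SIP profile from ones that exist only inside XML comments, and lists `*_ssl_*` variables set in vars.xml that no active param consumes. The sample XML is constructed from the snippets quoted above; the active `tls` param line and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets quoted in the thread.
# The active "tls" param line is an assumption, not shown on the page.
VARS_XML = """<include>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
</include>"""
PROFILE_XML = """<profile name="internal"><settings>
  <param name="tls" value="$${internal_ssl_enable}"/>
  <!--<param name="tls-cert-dir" value=""/>-->
</settings></profile>"""

VAR_REF = re.compile(r"\$\$\{([^}]+)\}")          # $${name} references
COMMENTED_PARAM = re.compile(r'<param\s+name="([^"]+)"')


def preprocess_vars(vars_xml):
    """Return {name: value} for every <X-PRE-PROCESS cmd="set" data="n=v"/>."""
    found = {}
    for el in ET.fromstring(vars_xml).iter("X-PRE-PROCESS"):
        data = el.get("data", "")
        if el.get("cmd") == "set" and "=" in data:
            name, value = data.split("=", 1)
            found[name] = value
    return found


def audit_profile(profile_xml, variables, prefix="tls"):
    """Split TLS params into active vs commented-out, and list ssl variables
    that no active param references (set in vars.xml but never consumed)."""
    # insert_comments=True (Python 3.8+) keeps <!-- --> nodes in the tree.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    active, commented = {}, set()
    for el in ET.fromstring(profile_xml, parser=parser).iter():
        if el.tag is ET.Comment:
            names = COMMENTED_PARAM.findall(el.text or "")
            commented.update(n for n in names if n.startswith(prefix))
        elif el.tag == "param" and el.get("name", "").startswith(prefix):
            active[el.get("name")] = el.get("value", "")
    used = {v for value in active.values() for v in VAR_REF.findall(value)}
    unused = sorted(k for k in variables if "_ssl_" in k and k not in used)
    return active, sorted(commented - set(active)), unused


if __name__ == "__main__":
    print(audit_profile(PROFILE_XML, preprocess_vars(VARS_XML)))
```

Unlike a plain grep, this reports a param as active only when it sits outside a comment, so a variable defined in vars.xml but referenced nowhere in the profile shows up in the third list.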