[Freeswitch-users] Freeswitch + TLS with a commercial certificate

[Iskren Hadzhinedev]

Greetings.
I'm unable to setup TLS and SRTP. I have a valid certificate from GlobalSign and my setup is currently the following:
My certificate and key (merged with cat keyfile certfile > agent.pem) in /opt/freeswitch/conf/ssl/agent.pem
The GlobalSign root certificate is in /opt/freeswitch/conf/ssl/cafile.pem

I edited vars.xml as instructed from http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration
I tried running with tlsv1 and sslv23 in vars.xml, verified that FS is listening on ports 5061 and 5081 with netstat -nltp | grep freeswitch
Also I get TLS listeners with "sofia status" so it should be working. Connecting to ports 5061 and 5081 with openssl s_client connect freeswitch.lan:<port> is successful,
but I get a 'Verify return code: 21 (unable to verify the first certificate)'. Running nginx with the agent.pem as a certificate is working without any issues.
When I try to connect to Freeswitch via TLS with Bria and Linphone 3.6.1 I get errors 408 or 503 and I don't see any output into the freeswitch console where I enabled sofia siptrace globally.

What is the correct way to setup Freeswitch with a commercial certificate in order to enable TLS and SRTP ?
Thank you!

Kind regards,
-- 
Iskren Hadzhinedev
System Administrator


The Idea Factory | 20 Mearns Street | Aberdeen | AB11 5AT | UK
T: 01224 607500
VAT Reg No: 982 4936 74. Company registered in Scotland, SC237116
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140102/00a547da/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 4641 bytes
Desc: not available
Url : http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140102/00a547da/attachment-0001.png