[Freeswitch-users] Freeswitch + TLS with a commercial certificate

Bob Hartwig bobjects at gmail.com
Fri Jan 3 08:38:32 MSK 2014


Did you really do "cat keyfile certfile > agent.pem", or did you do "cat
keyfile certfile >> agent.pem"?  Check to see if both the key and cert are
present in agent.pem.

    Bob



On Thu, Jan 2, 2014 at 12:23 PM, Iskren Hadzhinedev <
iskren.hadzhinedev at ikiji.com> wrote:

>  Greetings.
>
> I'm unable to setup TLS and SRTP. I have a valid certificate from
> GlobalSign and my setup is currently the following:
>
> My certificate and key (merged with cat keyfile certfile > agent.pem) in
> /opt/freeswitch/conf/ssl/agent.pem
>
> The GlobalSign root certificate is in /opt/freeswitch/conf/ssl/cafile.pem
>
>
>
> I edited vars.xml as instructed from
> http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration
>
> I tried running with tlsv1 and sslv23 in vars.xml, verified that FS is
> listening on ports 5061 and 5081 with netstat -nltp | grep freeswitch
>
> Also I get TLS listeners with "sofia status" so it should be working.
> Connecting to ports 5061 and 5081 with openssl s_client connect
> freeswitch.lan:<port> is successful,
>
> but I get a 'Verify return code: 21 (unable to verify the first
> certificate)'. Running nginx with the agent.pem as a certificate is working
> without any issues.
>
> When I try to connect to Freeswitch via TLS with Bria and Linphone 3.6.1 I
> get errors 408 or 503 and I don't see any output into the freeswitch
> console where I enabled sofia siptrace globally.
>
>
>
> What is the correct way to setup Freeswitch with a commercial certificate
> in order to enable TLS and SRTP ?
>
> Thank you!
>
>
>
> Kind regards,
>
> --
>
> Iskren Hadzhinedev
>
> System Administrator
>
>
>
> The Idea Factory | 20 Mearns Street | Aberdeen | AB11 5AT | UK
>
> T: 01224 607500
>
> VAT Reg No: 982 4936 74. Company registered in Scotland, SC237116
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140102/6e505e9c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 4641 bytes
Desc: not available
Url : http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140102/6e505e9c/attachment.png 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list