[Freeswitch-users] tls with letsencrypt

ITwrx.org info at itwrx.org
Thu Jan 5 23:55:02 MSK 2017


hi,

i'm trying to use a letsencrypt generated cert with freeswitch but am
not sure how to proceed. I've read the old and new wiki posts concerning
tls but they don't seem to cover my exact scenario. It seems to me that
freeswitch is looking into the configured "tls-cert-dir" for the
hardcoded filename tls.pem and is expecting that a self generated ca has
signed it. i have placed the fullchain.pem in that directory (generated
with certbot) and have renamed it tls.pem but i guess it's not finding
the CA sig it expects(?) as i'm getting:

tport_tls.c:1044 tls_connect() tls_connect(0x373c000e8d0): TLS setup
failed (error:00000005:lib(0):func(0):DH lib)

when trying to connect with csipsimple from phone. I would like to avoid
generating client certs signed by a custom CA where users have to copy
the client cert and ca cert to their device as it adds complexity and
problems. Is there a workaround or suggested method for using a
letsencrypt cert with freeswitch so that clients like csipsimple can
just validate against their built-in CA store?

thanks in advance,
ITwrx

-- 
Information Technology Works
https://ITwrx.org
@ITwrxorg




Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list