[Freeswitch-users] tls with letsencrypt

ITwrx.org info at itwrx.org
Fri Jan 6 05:24:29 MSK 2017 

dtls-srtp.pem,
tls.pem(the "stand in" i previously described),
and the original (could be from my old server where i set up tls
following the freeswitch wiki) tls.pem which has been renamed to
tls.pem.orig.

On 01/05/2017 06:43 PM, Brian West wrote:
> There is a lot more to it than that, what files are in that tls folder?
>
> On Thu, Jan 5, 2017 at 4:53 PM, ITwrx.org <info at itwrx.org
> <mailto:info at itwrx.org>> wrote:
>
>     i just copied the pem formatted cert that certbot generated to
>     /etc/freeswitch/tls and named it tls.pem. it's
>     freeswitch:freeswitch 660 for perms. freeswitch seems capable of
>     reading it, as the tls enabled profile starts up. i only get an
>     error in fs_cli when the csipsimple client tries to connect using tls.
>
>     thanks
>
>
>     On 01/05/2017 04:36 PM, Brian West wrote:
>>     How did you format the cert? and in what files did you put them
>>     in? and are your permissions correct on those files?
>>
>>     On Thu, Jan 5, 2017 at 2:55 PM, ITwrx.org <info at itwrx.org
>>     <mailto:info at itwrx.org>> wrote:
>>
>>         hi,
>>
>>         i'm trying to use a letsencrypt generated cert with
>>         freeswitch but am
>>         not sure how to proceed. I've read the old and new wiki posts
>>         concerning
>>         tls but they don't seem to cover my exact scenario. It seems
>>         to me that
>>         freeswitch is looking into the configured "tls-cert-dir" for the
>>         hardcoded filename tls.pem and is expecting that a self
>>         generated ca has
>>         signed it. i have placed the fullchain.pem in that directory
>>         (generated
>>         with certbot) and have renamed it tls.pem but i guess it's
>>         not finding
>>         the CA sig it expects(?) as i'm getting:
>>
>>         tport_tls.c:1044 tls_connect() tls_connect(0x373c000e8d0):
>>         TLS setup
>>         failed (error:00000005:lib(0):func(0):DH lib)
>>
>>         when trying to connect with csipsimple from phone. I would
>>         like to avoid
>>         generating client certs signed by a custom CA where users
>>         have to copy
>>         the client cert and ca cert to their device as it adds
>>         complexity and
>>         problems. Is there a workaround or suggested method for using a
>>         letsencrypt cert with freeswitch so that clients like
>>         csipsimple can
>>         just validate against their built-in CA store?
>>
>>         thanks in advance,
>>         ITwrx
>>
>>         --
>>         Information Technology Works
>>         https://ITwrx.org
>>         @ITwrxorg
>>
>>
>>         _________________________________________________________________________
>>         Professional FreeSWITCH Consulting Services:
>>         consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>         http://www.freeswitchsolutions.com
>>         <http://www.freeswitchsolutions.com>
>>
>>         Official FreeSWITCH Sites
>>         http://www.freeswitch.org
>>         http://confluence.freeswitch.org
>>         <http://confluence.freeswitch.org>
>>         http://www.cluecon.com
>>
>>         FreeSWITCH-users mailing list
>>         FreeSWITCH-users at lists.freeswitch.org
>>         <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>         http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>         <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>         UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>         <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>         http://www.freeswitch.org
>>
>>
>>
>>
>>     -- 
>>
>>     */Brian West/*
>>     brian at freeswitch.org <mailto:brian at freeswitch.org>
>>
>>
>>     */Twitter: @FreeSWITCH , @briankwest/*
>>     http://www.freeswitchbook.com 
>>     http://www.freeswitchcookbook.com <http://www.freeswitchcookbook.com>
>>     https://www.gofundme.com/freeswitch_ubuntu
>>     <https://www.gofundme.com/freeswitch_ubuntu>
>>
>>     Got Bugs? Report them here <https://freeswitch.org/jira>! |
>>     Reddit: /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>
>>     *T:*+19184209001 <tel:%28918%29%20420-9001> | *F:*+19184209002
>>     <tel:%28918%29%20420-9002> | *M:*+1918424WEST (9378)
>>     *Skype:*briankwest
>>
>>
>>
>>     _________________________________________________________________________
>>     Professional FreeSWITCH Consulting Services: 
>>     consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>     http://www.freeswitchsolutions.com
>>     <http://www.freeswitchsolutions.com>
>>
>>     Official FreeSWITCH Sites
>>     http://www.freeswitch.org
>>     http://confluence.freeswitch.org <http://confluence.freeswitch.org>
>>     http://www.cluecon.com
>>
>>     FreeSWITCH-users mailing list
>>     FreeSWITCH-users at lists.freeswitch.org
>>     <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>     <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>     <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>     http://www.freeswitch.org
>
>     -- 
>     Information Technology Works
>     https://ITwrx.org
>     @ITwrxorg
>
>     _________________________________________________________________________
>     Professional FreeSWITCH Consulting Services:
>     consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>     http://www.freeswitchsolutions.com
>     <http://www.freeswitchsolutions.com> Official FreeSWITCH Sites
>     http://www.freeswitch.org http://confluence.freeswitch.org
>     <http://confluence.freeswitch.org> http://www.cluecon.com
>     FreeSWITCH-users mailing list
>     FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org>
>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>     <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>     <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>     http://www.freeswitch.org 
>
> -- 
>
> */Brian West/* brian at freeswitch.org <mailto:brian at freeswitch.org>
>
> */Twitter: @FreeSWITCH , @briankwest/* http://www.freeswitchbook.com 
> http://www.freeswitchcookbook.comhttps://www.gofundme.com/freeswitch_ubuntu
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! |
> Reddit: /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *Skype:*briankwest
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-- 
Information Technology Works
https://ITwrx.org
@ITwrxorg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170105/5396bda8/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list