[Freeswitch-users] multiple sip profiles

Stefan Davids freeswitch at stefan.davids.uk.net
Tue Mar 21 12:24:14 MSK 2017 

It probably depends on the client configuration if you get an invalid
certificate for self signed or not.  Most seem happy by default when 
I've tried.

I've had no problems using letsencrypt certificates for TLS.

If it is a certificate issue (you can check by turning up the logging) 
I'd imagine either the certificate isn't readable by freeswitch (by 
default I think it'll be chmod 600 and owned by root) or it's wrongly 
constructed.

I have wss.pem as a symlink

wss.pem -> /etc/letsencrypt/wss.pem

# ls -l /etc/letsencrypt/wss.pem
-rw-r----- 1 freeswitch freeswitch 10868 Mar  8 18:46 /etc/letsencrypt/wss.pem

and created wss.pem via

cat /etc/letsencrypt/live/sip.netscum.org.uk/cert.pem /etc/letsencrypt/live/sip.netscum.org.uk/privkey.pem /etc/letsencrypt/live/sip.netscum.org.uk/chain.pem /etc/letsencrypt/live/sip.netscum.org.uk/fullchain.pem > /etc/letsencrypt/wss.pem




On 20/03/17 22:08, Rick Jarvis wrote:
> Thanks Stefan, that’s a huge help - hadn’t crossed my mind it could be a cert error, given the description. I’m currently using letsencrypt’s certbot to download the certs and symbolic linking to them. Maybe I should just try the generator that the docs recommend, but am wondering if that will present the non-valid CA issues one gets with web browsers (I’m not all that clear on whether this applies to SIP clients or not?!)...
> 
>> On 20 Mar 2017, at 15:36, Stefan Davids <freeswitch at stefan.davids.uk.net> wrote:
>>
>>
>> For what it's worth I've had this error when freeswitch couldn't open the required
>> certificates for SSL.
>>
>> Turning up the freeswitch logging revealed the system call to open the certicate was
>> failing with no such file...
>>
>> On Fri, March 17, 2017 8:25 pm, Rick Jarvis wrote:
>>> also, the thing that’s really bugging me ATM is that if I enable TLS, just by setting
>>> the following:
>>>
>>> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
>>>
>>> I get:
>>>
>>> 2017-03-17 20:22:05.762756 [ERR] sofia.c:2863 Error Creating SIP UA for profile:
>>> internal (sip:mod_sofia at 12.34.56.78:5060;transport=udp,tcp)
>>> The likely causes for this are:
>>> 1) Another application is already listening on the specified address.
>>> 2) The IP the profile is attempting to bind to is not local to this system.
>>>
>>> Yet the TLS port is set to 5061, so how can this be?
>>>
>>>
>>>> On 17 Mar 2017, at 19:32, Sergey Safarov <s.safarov at gmail.com> wrote:
>>>>
>>>> Try NAPTR and SRV records. In this case required only one certificate.
>>>> Requirements sip clients must support NAPRT or SRV records for TLS connection
>>>>
>>>>
>>>> пт, 17 марта 2017, 22:28 Rick Jarvis <rick at magicmail.mooo.com
>>>> <mailto:rick at magicmail.mooo.com>>: <freeswitch at stefan.davids.uk.net> 
>>>> Trying to get my head around setting TLS up. I have one internal sip profile, but
>>>> multiple domains & dialplans.
>>>>
>>>> If I want to enable TLS on multiple domains, I think I’m right in saying that I will
>>>> then need multiple sip profiles, in order to set the TLS up in each?
>>>>
>>>> I guess my confusion comes from understanding the difference between domains, profiles
>>>> and sip profiles. I’m not even sure exactly what question I’m asking here, so
>>>> apologies!
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>> http://www.freeswitch.org
>>>> <http://www.freeswitch.org/>_________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services: 
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list