<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Mitch,<div><br></div><div>Thank you! I enabled logging and found my CA cert file misnamed. Re-naming it fixed the problem!</div><div><br></div><div>-Rob<br><br><div><div id="SkyDrivePlaceholder"></div>> From: mitch.capper@gmail.com<br>> Date: Thu, 9 Aug 2012 09:33:28 -0700<br>> To: freeswitch-users@lists.freeswitch.org<br>> Subject: Re: [Freeswitch-users] TLS on FreeSwitch not Working<br>> <br>> Turn on sofia tport logging it will tell you what its unable to setup<br>> the TLS connection.<br>> <br>> ~Mitch<br>> <br>> On Wed, Aug 8, 2012 at 10:09 PM, R W <wingcomm@hotmail.com> wrote:<br>> > Hi All,<br>> ><br>> > I cannot seem to get TLS running on the sofia "internal" profile. Any<br>> > assistance would be appreciated.<br>> ><br>> > I'm running FreeSWITCH Version 1.2.0-rc2+git~20120808T025758Z~9ac586adc8<br>> > (1.2.0-rc2; git at commit 9ac586adc8 on Wed, 08 Aug 2012 02:57:58 Z) on<br>> > Ubuntu 12.04 LTS.<br>> ><br>> > When I set internal_ssl_enable=true, and reload the sofia internal profile,<br>> > I get the "usual" error:<br>> ><br>> > 2012-08-09 00:34:14.174431 [ERR] sofia.c:2289 Error Creating SIP UA for<br>> > profile: internal<br>> ><br>> > <!-- SIP Profile: Internal --><br>> > <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/><br>> > <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/><br>> > <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/><br>> > <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/><br>> > <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/><br>> ><br>> > I verified that the OpenSSL development libraries were installed (Ubuntu<br>> > package libssl-dev) and looked for references to ssl in the output from the<br>> > compilation process and saw this:<br>> ><br>> > "checking for openssl... yes<br>> ><br>> > checking openssl_CFLAGS...<br>> ><br>> > checking openssl_LIBS... -lssl -lcrypto<br>> ><br>> > adding "-DHAVE_OPENSSL" to SWITCH_AM_CFLAGS"<br>> ><br>> ><br>> > ...<br>> ><br>> ><br>> > "checking OpenSSL options with pkg-config... found<br>> ><br>> > checking for gdi32... no<br>> ><br>> > checking for CRYPTO_lock in -lcrypto... yes<br>> ><br>> > checking for SSL_connect in -lssl... yes<br>> ><br>> > checking openssl/x509.h usability... yes<br>> ><br>> > checking openssl/x509.h presence... yes<br>> ><br>> > checking for openssl/x509.h... yes<br>> ><br>> > checking openssl/rsa.h usability... yes<br>> ><br>> > checking openssl/rsa.h presence... yes<br>> ><br>> > checking for openssl/rsa.h... yes<br>> ><br>> > checking openssl/crypto.h usability... yes<br>> ><br>> > checking openssl/crypto.h presence... yes<br>> ><br>> > checking for openssl/crypto.h... yes<br>> ><br>> > checking openssl/pem.h usability... yes<br>> ><br>> > checking openssl/pem.h presence... yes<br>> ><br>> > checking for openssl/pem.h... yes<br>> ><br>> > checking openssl/ssl.h usability... yes<br>> ><br>> > checking openssl/ssl.h presence... yes<br>> ><br>> > checking for openssl/ssl.h... yes<br>> ><br>> > checking openssl/err.h usability... yes<br>> ><br>> > checking openssl/err.h presence... yes<br>> ><br>> > checking for openssl/err.h... yes<br>> ><br>> > checking openssl/pkcs12.h usability... yes<br>> ><br>> > checking openssl/pkcs12.h presence... yes<br>> ><br>> > checking for openssl/pkcs12.h... yes<br>> ><br>> > checking for ENGINE_init... yes<br>> ><br>> > checking openssl/engine.h usability... yes<br>> ><br>> > checking openssl/engine.h presence... yes<br>> ><br>> > checking for openssl/engine.h... yes<br>> ><br>> > checking for ENGINE_load_builtin_engines... yes<br>> ><br>> > checking for RAND_status... yes<br>> ><br>> > checking for RAND_screen... no<br>> ><br>> > checking for RAND_egd... yes<br>> ><br>> > checking for CRYPTO_cleanup_all_ex_data... yes<br>> ><br>> > checking for "/dev/urandom"... yes<br>> ><br>> > checking CA cert bundle install path...<br>> > ${prefix}/share/curl/curl-ca-bundle.crt<br>> ><br>> > checking for inflateEnd in -lz... yes"<br>> ><br>> ><br>> > Is there anything else I should be checking. Does freeswitch send logs<br>> > anywhere other than ../freeswitch/log/ ?<br>> ><br>> ><br>> ><br>> ><br>> ><br>> > _________________________________________________________________________<br>> > Professional FreeSWITCH Consulting Services:<br>> > consulting@freeswitch.org<br>> > http://www.freeswitchsolutions.com<br>> ><br>> > FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>> > http://www.cudatel.com<br>> ><br>> > Official FreeSWITCH Sites<br>> > http://www.freeswitch.org<br>> > http://wiki.freeswitch.org<br>> > http://www.cluecon.com<br>> ><br>> > Join Us At ClueCon - Aug 7-9, 2012<br>> ><br>> > FreeSWITCH-users mailing list<br>> > FreeSWITCH-users@lists.freeswitch.org<br>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br>> > http://www.freeswitch.org<br>> ><br>> <br>> _________________________________________________________________________<br>> Professional FreeSWITCH Consulting Services:<br>> consulting@freeswitch.org<br>> http://www.freeswitchsolutions.com<br>> <br>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>> http://www.cudatel.com<br>> <br>> Official FreeSWITCH Sites<br>> http://www.freeswitch.org<br>> http://wiki.freeswitch.org<br>> http://www.cluecon.com<br>> <br>> Join Us At ClueCon - Aug 7-9, 2012<br>> <br>> FreeSWITCH-users mailing list<br>> FreeSWITCH-users@lists.freeswitch.org<br>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br>> http://www.freeswitch.org<br></div></div> </div></body>
</html>