<div dir="ltr"><div>Someone should probably turn this into a nice how-to:</div><div><br></div><div>Here is how I did it.<br></div><div><br></div><div>wget <a href="http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz">http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz</a></div>
<div>tar zxfv ssl.ca-0.1.tar.gz</div><div>cd ssl.ca-0.1/</div><div>perl -i -pe 's/md5/sha1/g' *.sh</div><div>perl -i -pe 's/2048/2048/g' *.sh</div><div>./new-root-ca.sh </div><div>./new-server-cert.sh <a href="http://self.bkw.org">self.bkw.org</a></div>
<div>./sign-server-cert.sh <a href="http://self.bkw.org">self.bkw.org</a></div><div>cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/wss.pem</div><div><br></div><div>Setup Apache:</div><div>
<p class="">default-ssl:</p>
<p class=""><span class="">        </span>SSLCertificateFile /usr/local/freeswitch/certs/wss.pem<br>SSLCertificateKeyFile /usr/local/freeswitch/certs/wss.pem<br>SSLCertificateChainFile /usr/local/freeswitch/certs/wss.pem</p>
<p class="">Setup Sofia TLS:</p><p class="">
</p><p class="">cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/agent.pem <br>cat ca.crt > /usr/local/freeswitch/certs/cafile.pem</p><p class="">vars.xml:</p><p class="">
</p><p class=""><span class=""><</span><span class="">X-PRE-PROCESS</span><span class=""> </span><span class="">cmd</span><span class="">=</span>"set"<span class=""> </span><span class="">data</span><span class="">=</span>"internal_ssl_enable=true"<span class="">/><br>
</span><span class=""><</span><span class="">X-PRE-PROCESS</span><span class=""> </span><span class="">cmd</span><span class="">=</span>"set"<span class=""> </span><span class="">data</span><span class="">=</span>"external_ssl_enable=true"<span class="">/></span></p>
<p class="">Restart FreeSWITCH.</p><p class="">Now make sure your system has ca.crt imported so it will trust your new found hotness.<br></p></div><div>TEST:</div><div><br></div><div>
<p class="">openssl s_client -connect <a href="http://self.bkw.org:443">self.bkw.org:443</a><br>openssl s_client -connect <a href="http://self.bkw.org:8082">self.bkw.org:8082</a><br></p><p class=""><br></p><p class="">Depending on what you've setup you'll see:</p>
<p class="">subject=/C=US/ST=Oklahoma/L=McAlester/O=Tonka Truck/OU=Secure Web Server/CN=<a href="http://self.bkw.org/emailAddress=brian@bkw.org">self.bkw.org/emailAddress=brian@bkw.org</a></p><p class="">
</p><p class="">issuer=/C=US/ST=Oklahoma/L=McAlester/O=Whizzzzzzy Bang Bang/OU=Certification Services Division/CN=WBB Root CA/emailAddress=<a href="mailto:brian@bkw.org">brian@bkw.org</a></p><p class="">Or there abouts.</p>
</div>-- <br><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>