<div dir="ltr">I&#39;ve corrected the how-to and put it in tree:<div><br></div><div><a href="https://stash.freeswitch.org/projects/FS/repos/freeswitch/browse/docs/how_to_make_your_own_ca_correctly.txt?raw">https://stash.freeswitch.org/projects/FS/repos/freeswitch/browse/docs/how_to_make_your_own_ca_correctly.txt?raw</a><br>
</div><div><br></div><div>Importing the ca.crt into your system keychain for it to be trusted is left to the end user to figure out.  If you can&#39;t do that step then you&#39;ll kinda be SOL, I know on my Mac I just open ca.crt and it does the import for me... Windows I suspect is similar as for Linux NO CLUE.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jul 25, 2014 at 1:53 PM, William King <span dir="ltr">&lt;<a href="mailto:william.king@quentustech.com" target="_blank">william.king@quentustech.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">One correction inline, and did you have any luck getting chrome to work<br>
with the custom CA?<br>
<br>
William King<br>
Senior Engineer<br>
Quentus Technologies, INC<br>
1037 NE 65th St Suite 273<br>
Seattle, WA 98115<br>
Main:   <a href="tel:%28877%29%20211-9337" value="+18772119337">(877) 211-9337</a><br>
Office: <a href="tel:%28206%29%20388-4772" value="+12063884772">(206) 388-4772</a><br>
Cell:   <a href="tel:%28253%29%20686-5518" value="+12536865518">(253) 686-5518</a><br>
<a href="mailto:william.king@quentustech.com">william.king@quentustech.com</a><br>
<div class=""><br>
On 07/25/2014 08:12 AM, Brian West wrote:<br>
&gt; Someone should probably turn this into a nice how-to:<br>
&gt;<br>
&gt; Here is how I did it.<br>
&gt;<br>
&gt; wget <a href="http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz" target="_blank">http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz</a><br>
&gt; tar zxfv ssl.ca-0.1.tar.gz<br>
&gt; cd ssl.ca-0.1/<br>
&gt; perl -i -pe &#39;s/md5/sha1/g&#39; *.sh<br>
&gt; perl -i -pe &#39;s/2048/2048/g&#39; *.sh<br>
</div>This is a noop. I assume it was suppose to be /2048/4096/ or /1024/2048/<br>
&gt; ./new-root-ca.sh<br>
&gt; ./new-server-cert.sh <a href="http://self.bkw.org" target="_blank">self.bkw.org</a> &lt;<a href="http://self.bkw.org" target="_blank">http://self.bkw.org</a>&gt;<br>
&gt; ./sign-server-cert.sh <a href="http://self.bkw.org" target="_blank">self.bkw.org</a> &lt;<a href="http://self.bkw.org" target="_blank">http://self.bkw.org</a>&gt;<br>
<div class="">&gt; cat self.bkw.org.crt self.bkw.org.key &gt; /usr/local/freeswitch/certs/wss.pem<br>
&gt;<br>
&gt; Setup Apache:<br>
&gt;<br>
&gt; default-ssl:<br>
&gt;<br>
&gt; SSLCertificateFile    /usr/local/freeswitch/certs/wss.pem<br>
&gt; SSLCertificateKeyFile /usr/local/freeswitch/certs/wss.pem<br>
&gt; SSLCertificateChainFile /usr/local/freeswitch/certs/wss.pem<br>
&gt;<br>
&gt; Setup Sofia TLS:<br>
&gt;<br>
&gt; cat self.bkw.org.crt self.bkw.org.key &gt;<br>
&gt; /usr/local/freeswitch/certs/agent.pem<br>
&gt; cat ca.crt &gt; /usr/local/freeswitch/certs/cafile.pem<br>
&gt;<br>
&gt; vars.xml:<br>
&gt;<br>
&gt; &lt;X-PRE-PROCESScmd=&quot;set&quot;data=&quot;internal_ssl_enable=true&quot;/&gt;<br>
</div>&gt; &lt;X-PRE-PROCESScmd=&quot;set&quot;data=&quot;external_ssl_enable=true&quot;/&gt;<br>
<div class="">&gt;<br>
&gt; Restart FreeSWITCH.<br>
&gt;<br>
&gt; Now make sure your system has ca.crt imported so it will trust your new<br>
&gt; found hotness.<br>
&gt;<br>
&gt; TEST:<br>
&gt;<br>
</div>&gt; openssl s_client -connect <a href="http://self.bkw.org:443" target="_blank">self.bkw.org:443</a> &lt;<a href="http://self.bkw.org:443" target="_blank">http://self.bkw.org:443</a>&gt;<br>
&gt; openssl s_client -connect <a href="http://self.bkw.org:8082" target="_blank">self.bkw.org:8082</a> &lt;<a href="http://self.bkw.org:8082" target="_blank">http://self.bkw.org:8082</a>&gt;<br>
<div class="">&gt;<br>
&gt;<br>
&gt; Depending on what you&#39;ve setup you&#39;ll see:<br>
&gt;<br>
&gt; subject=/C=US/ST=Oklahoma/L=McAlester/O=Tonka Truck/OU=Secure Web<br>
&gt; Server/CN=<a href="http://self.bkw.org/emailAddress=brian@bkw.org" target="_blank">self.bkw.org/emailAddress=brian@bkw.org</a><br>
</div>&gt; &lt;<a href="http://self.bkw.org/emailAddress=brian@bkw.org" target="_blank">http://self.bkw.org/emailAddress=brian@bkw.org</a>&gt;<br>
<div class="">&gt;<br>
&gt; issuer=/C=US/ST=Oklahoma/L=McAlester/O=Whizzzzzzy Bang<br>
&gt; Bang/OU=Certification Services Division/CN=WBB Root<br>
</div>&gt; CA/emailAddress=<a href="mailto:brian@bkw.org">brian@bkw.org</a> &lt;mailto:<a href="mailto:brian@bkw.org">brian@bkw.org</a>&gt;<br>
&gt;<br>
&gt; Or there abouts.<br>
&gt;<br>
&gt; --<br>
&gt;<br>
&gt; */Brian West/*<br>
&gt; <a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a> &lt;mailto:<a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a>&gt;<br>
&gt;<br>
&gt;<br>
&gt; */Twitter: @FreeSWITCH , @briankwest/*<br>
&gt; <a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
&gt; <a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a><br>
&gt;<br>
&gt; *T:*<a href="tel:%2B19184209001" value="+19184209001">+19184209001</a> | *F:*<a href="tel:%2B19184209002" value="+19184209002">+19184209002</a> | *M:*+1918424WEST (9378)<br>
&gt; *iNUM:*<a href="tel:%2B883%205100%201420%209001" value="+883510014209001">+883 5100 1420 9001</a> | *ISN:*410*543 | *Skype:*briankwest<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; _________________________________________________________________________<br>
&gt; Professional FreeSWITCH Consulting Services:<br>
&gt; <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
&gt; <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;<br>
&gt; FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
&gt; <a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
&gt;<br>
&gt; Official FreeSWITCH Sites<br>
&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt; <a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
&gt; <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
&gt;<br>
&gt; FreeSWITCH-users mailing list<br>
&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;<br>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">







<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>