<div dir="ltr">I've corrected the how-to and put it in tree:<div><br></div><div><a href="https://stash.freeswitch.org/projects/FS/repos/freeswitch/browse/docs/how_to_make_your_own_ca_correctly.txt?raw">https://stash.freeswitch.org/projects/FS/repos/freeswitch/browse/docs/how_to_make_your_own_ca_correctly.txt?raw</a><br>
</div><div><br></div><div>Importing the ca.crt into your system keychain for it to be trusted is left to the end user to figure out. If you can't do that step then you'll kinda be SOL. I know on my Mac I just open ca.crt and it does the import for me... Windows I suspect is similar; as for Linux, NO CLUE.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jul 25, 2014 at 1:53 PM, William King <span dir="ltr"><<a href="mailto:william.king@quentustech.com" target="_blank">william.king@quentustech.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">One correction inline, and did you have any luck getting chrome to work<br>
with the custom CA?<br>
<br>
William King<br>
Senior Engineer<br>
Quentus Technologies, INC<br>
1037 NE 65th St Suite 273<br>
Seattle, WA 98115<br>
Main: <a href="tel:%28877%29%20211-9337" value="+18772119337">(877) 211-9337</a><br>
Office: <a href="tel:%28206%29%20388-4772" value="+12063884772">(206) 388-4772</a><br>
Cell: <a href="tel:%28253%29%20686-5518" value="+12536865518">(253) 686-5518</a><br>
<a href="mailto:william.king@quentustech.com">william.king@quentustech.com</a><br>
<div class=""><br>
On 07/25/2014 08:12 AM, Brian West wrote:<br>
> Someone should probably turn this into a nice how-to:<br>
><br>
> Here is how I did it.<br>
><br>
> wget <a href="http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz" target="_blank">http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz</a><br>
> tar zxfv ssl.ca-0.1.tar.gz<br>
> cd ssl.ca-0.1/<br>
> perl -i -pe 's/md5/sha1/g' *.sh<br>
> perl -i -pe 's/2048/2048/g' *.sh<br>
</div>This is a noop. I assume it was supposed to be /2048/4096/ or /1024/2048/<br>
> ./new-root-ca.sh<br>
> ./new-server-cert.sh self.bkw.org<br>
> ./sign-server-cert.sh self.bkw.org<br>
<div class="">> cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/wss.pem<br>
><br>
> Setup Apache:<br>
><br>
> default-ssl:<br>
><br>
> SSLCertificateFile /usr/local/freeswitch/certs/wss.pem<br>
> SSLCertificateKeyFile /usr/local/freeswitch/certs/wss.pem<br>
> SSLCertificateChainFile /usr/local/freeswitch/certs/wss.pem<br>
><br>
> Setup Sofia TLS:<br>
><br>
> cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/agent.pem<br>
> cat ca.crt > /usr/local/freeswitch/certs/cafile.pem<br>
><br>
> vars.xml:<br>
><br>
> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/><br>
</div>> <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/><br>
<div class="">><br>
> Restart FreeSWITCH.<br>
><br>
> Now make sure your system has ca.crt imported so it will trust your new<br>
> found hotness.<br>
><br>
> TEST:<br>
><br>
</div>> openssl s_client -connect self.bkw.org:443<br>
> openssl s_client -connect self.bkw.org:8082<br>
<div class="">><br>
><br>
> Depending on what you've set up you'll see:<br>
><br>
> subject=/C=US/ST=Oklahoma/L=McAlester/O=Tonka Truck/OU=Secure Web<br>
> Server/CN=self.bkw.org/emailAddress=brian@bkw.org<br>
</div>
<div class="">><br>
> issuer=/C=US/ST=Oklahoma/L=McAlester/O=Whizzzzzzy Bang<br>
> Bang/OU=Certification Services Division/CN=WBB Root<br>
</div>> CA/emailAddress=<a href="mailto:brian@bkw.org">brian@bkw.org</a><br>
><br>
> Or thereabouts.<br>
><br>
> --<br>
><br>
> */Brian West/*<br>
> <a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a><br>
><br>
><br>
> */Twitter: @FreeSWITCH , @briankwest/*<br>
> <a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
> <a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a><br>
><br>
> *T:*<a href="tel:%2B19184209001" value="+19184209001">+19184209001</a> | *F:*<a href="tel:%2B19184209002" value="+19184209002">+19184209002</a> | *M:*+1918424WEST (9378)<br>
> *iNUM:*<a href="tel:%2B883%205100%201420%209001" value="+883510014209001">+883 5100 1420 9001</a> | *ISN:*410*543 | *Skype:*briankwest<br>
><br>
><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
> <a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>
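The how-to in this thread concatenates the server certificate and its key into wss.pem and agent.pem and relies on clients trusting ca.crt. The script below is an added example, not part of the thread or of the FreeSWITCH tree: it audits such a combined PEM for a weak signature digest (MD5 or SHA-1), an RSA key under 2048 bits, a private key that does not belong to the certificate, and a chain that does not verify against the CA file. The function names, the throwaway CA and the host name demo.example.invalid are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a combined cert+key PEM laid out like wss.pem/agent.pem.

# Succeeds when a signature algorithm name uses an MD5 or SHA-1 digest.
weak_digest() {
  case "$1" in *md5*|*MD5*|*sha1*|*SHA1*) return 0 ;; *) return 1 ;; esac
}

# audit_pem PEM CAFILE: print one line per problem, return 0 only when clean.
# RSA keys are assumed, as in the thread. The ( ) body keeps variables local.
audit_pem() (
  pem=$1; ca=$2; rc=0
  text=$(openssl x509 -in "$pem" -noout -text)
  sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  if weak_digest "$sig"; then echo "weak signature digest: $sig"; rc=1; fi
  if [ "${bits:-0}" -lt 2048 ]; then echo "short key: ${bits:-0} bits"; rc=1; fi
  # The private key appended to the PEM must belong to the certificate in it.
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey)
  key_pub=$(sed -n '/BEGIN.*PRIVATE KEY/,/END.*PRIVATE KEY/p' "$pem" |
            openssl pkey -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate"; rc=1
  fi
  # The certificate must chain to the CA file that clients are told to trust.
  if ! openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1; then
    echo "certificate does not verify against $ca"; rc=1
  fi
  return "$rc"
)

# Constructed throwaway PKI in directory $1 (not the thread's certificates);
# demo.example.invalid is a placeholder host name.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Demo Root CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example.invalid" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 1 -out "$1/srv.crt" 2>/dev/null
  cat "$1/srv.crt" "$1/srv.key" > "$1/wss.pem"   # same layout as the how-to
}

demo=$(mktemp -d)
make_demo_pki "$demo"
audit_pem "$demo/wss.pem" "$demo/ca.crt" && echo "wss.pem: OK"
```

To check a real deployment, call audit_pem with the paths from the how-to, for example /usr/local/freeswitch/certs/wss.pem and the ca.crt that clients import.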