<div dir="ltr">I can get my latest freeswitch to run TLS profiles if I use the provided scripts to genenrate the CA and the server certs, but not with my own certs. The TLS profile does start with my cert, but when I connect, it does not provide a cert to the client. <div>
<br></div><div>The only differences I can see in the server cert are the following fields:</div><div><br></div><div><div>X509v3 Authority Key Identifier: </div><div> DirName:/CN=FreeSWITCH CA/O=FreeSWITCH</div><div> serial:91:F9:22:5D:22:38:6B:09</div>
<div><br></div><div>X509v3 Subject Alternative Name: </div><div> DNS:<a href="http://test.freeswitch.org">test.freeswitch.org</a></div><div>Netscape Cert Type: </div><div> SSL Server</div><div>X509v3 Extended Key Usage: </div>
<div> TLS Web Server Authentication</div></div><div><br></div><div><br></div><div>As I understand it, the Netscape and Usage designations are not used by freeswitch at this time. So I wouldn't expect them to cause an issue, unless this has changed since the documentation was written.</div>
<div><br></div><div>I have the x509v3 Authority Key Identifier, with a keyid field, but I don't have these other two fields which the script puts. Are these required?</div><div><br></div><div>I also do not have a Alt name defined in my cert, but I wouldn't have thought this would be a required field either.</div>
<div><br></div><div>I can't find anything else that appears different to me. If someone can clarify what is required for Freeswitch to use a cert, it would be greatly appreciated!</div><div><br></div><div><br></div><div>
<br></div></div>