
<div dir="ltr">wss-binding is set and no wss.pem can be generated due to permissions or its utterly broken.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 14, 2015 at 3:21 PM, Michael Nielsen <span dir="ltr">&lt;<a href="mailto:mic.niel84@gmail.com" target="_blank">mic.niel84@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">none, but I&#39;ve also tried with in. <div class="HOEnZb"><div class="h5"><br><br>On Monday, September 14, 2015, Ítalo Rossi &lt;<a href="mailto:italo@freeswitch.org" target="_blank">italo@freeswitch.org</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>What you have in your tls-verify-policy ?</div><div><br></div>Check the valid values here: <a href="https://freeswitch.org/confluence/display/FREESWITCH/Sofia+Configuration+Files#SofiaConfigurationFiles-Settings" target="_blank">https://freeswitch.org/confluence/display/FREESWITCH/Sofia+Configuration+Files#SofiaConfigurationFiles-Settings</a><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 14, 2015 at 10:23 AM, Michael Nielsen <span dir="ltr">&lt;<a>mic.niel84@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">When doing so I get the following error in fs_cli:<div><br></div><div><p style="margin:0px;font-size:10px;font-family:Monaco;color:rgb(195,55,32);background-color:rgb(0,0,0)">2015-09-14 08:23:24.120749 [ERR] sofia_glue.c:329 Invalid tls-verify-policy value: none</p></div><div><p style="margin:0px;font-size:10px;font-family:Monaco;color:rgb(195,55,32);background-color:rgb(0,0,0)">2015-09-14 08:23:24.160528 [ERR] sofia.c:2935 Error Creating SIP UA for profile: internal-ipv6 (sip:mod_sofia@[::1]:5060;transport=udp,tcp) ATTEMPT 1 (RETRY IN 5 SEC)</p>

<p style="margin:0px;font-size:10px;font-family:Monaco;color:rgb(195,55,32);background-color:rgb(0,0,0)">2015-09-14 08:23:24.180781 [ERR] sofia.c:2935 Error Creating SIP UA for profile: internal (sip:mod_sofia@159.122.89.10:5060;transport=udp,tcp) ATTEMPT 1 (RETRY IN 5 SEC)</p></div><div><br></div><div>And then sofia status only shows port 5080 running...</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 14, 2015 at 9:01 AM, Michael Nielsen <span dir="ltr">&lt;<a>mic.niel84@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I&#39;m running this clean installation of FS:<div><a href="https://github.com/voxserv/freeswitch_conf_minimal" target="_blank">https://github.com/voxserv/freeswitch_conf_minimal</a><br></div><div><br></div><div>Everything seems to work and I would now like to add TLS and SRTP encryption - for use on public WiFi and such.</div><div><br></div><div>I&#39;ve tried the following from this <a href="http://wiki.freeswitch.org/wiki/SIP_TLS#TLS.2C_SSL_and_SRTP_Encryption" target="_blank">http://wiki.freeswitch.org/wiki/SIP_TLS#TLS.2C_SSL_and_SRTP_Encryption</a>:</div><div><br></div><div><pre style="font-family:monospace,Courier;padding:1em;border:1px dashed rgb(47,111,171);color:rgb(0,0,0);background-color:rgb(249,249,249);line-height:1.3em;font-size:13px">./gentls_cert setup -cn <a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -alt DNS:<a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -org <a href="http://freeswitch.org" target="_blank">freeswitch.org</a>

./gentls_cert create_server -cn <a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -alt DNS:<a href="http://pbx.freeswitch.org" target="_blank">pbx.freeswitch.org</a> -org <a href="http://freeswitch.org" target="_blank">freeswitch.org</a>

</pre></div><div>And in vars.xml:</div><div><pre style="font-family:monospace,Courier;padding:1em;border:1px dashed rgb(47,111,171);color:rgb(0,0,0);background-color:rgb(249,249,249);line-height:1.3em;font-size:13px">&lt;X-PRE-PROCESS cmd=&quot;set&quot; data=&quot;sip_tls_version=sslv23&quot;/&gt;

&lt;X-PRE-PROCESS cmd=&quot;set&quot; data=&quot;internal_ssl_enable=true&quot;/&gt;

</pre></div><div>Of course with my own domain when generating certificates.</div><div><br></div><div>Restarting FS and trying to connect to 5061 over TLS doesn&#39;t work.</div><div>Looking in fs_cli with debug 7 doesn&#39;t output anything when the client tries to connect.</div><div><br></div><div>How to debug or does anyone know what&#39;s wrong? My certificates are generated automatically in /usr/conf/ssl.</div></div>

</blockquote></div><br></div>

</div></div><br>_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a>consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>

<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a>FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr">Ítalo Rossi<div><a>italo@freeswitch.org</a></div></div></div>

</div>

</blockquote>

</div></div><br>_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>

<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">


<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>

<p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font size="2" face="monospace, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="monospace, monospace">Got Bugs? Report them <a href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>

<p><font size="2" face="monospace, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div>

</div>