<div dir="ltr">Make sure you have:<div><br></div><div><div>/usr/local/freeswitch/certs/wss.pem # CERT, KEY AND CHAIN files separated by \n</div><div>/usr/local/freeswitch/certs/agent.pem # CERT file AND key file separated by \n</div><div>/usr/local/freeswitch/certs/cafile.pem # CHAIN file or root CA</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 5, 2016 at 12:19 PM, Oivvio Polite <span dir="ltr">&lt;<a href="mailto:mylists@polite.se" target="_blank">mylists@polite.se</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I had wss working with self signed certs and I&#39;m now trying to move to<br>
certs from Letsencrypt.<br>
<br>
I have something working. Connecting to https://myip:port/ I get the<br>
green padlock in chrome, but on close inspection Chrome tells me:<br>
<br>
    Your connection to  https://myip:port/ is encrypted using an obsolete<br>
    cipher suite.<br>
<br>
    The connection uses TLS 1.2<br>
<br>
    The connection is encrypted and authenticated using AES_128_GCM<br>
    and uses RSA as the key exchange mechanism&quot;<br>
<br>
Screenshot here: <a href="http://imgur.com/tERQUXw" rel="noreferrer" target="_blank">http://imgur.com/tERQUXw</a><br>
<br>
<br>
When trying to establish a secure websocket with the verto library I get<br>
<br>
    jquery.jsonrpcclient.js:285 WebSocket connection to &#39;wss://xxx.xxx.xxx.xxx:xxx&#39; failed: WebSocket opening handshake was canceled<br>
<br>
<br>
<br>
When inspecting <a href="https://webrtc.freeswitch.org:8082/" rel="noreferrer" target="_blank">https://webrtc.freeswitch.org:8082/</a> with Chrome I get<br>
the same complaint as with my Letsencrypt certs but verto still works<br>
over there. So there&#39;s something else that I&#39;m doing wrong.<br>
<br>
<br>
In the FS CLI i get this<br>
<br>
    2016-05-05 15:15:29.875866 [INFO] mod_verto.c:3997 myip:57884 Client Connect.<br>
    2016-05-05 15:15:29.895849 [INFO] mod_verto.c:1973 myip:57884 Starting client thread.<br>
    2016-05-05 15:15:29.975863 [DEBUG] mod_verto.c:1820 myip:57884 WS SETUP FAILED []<br>
<br>
Any ideas on what else to try?<br>
<br>
Oivvio<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Ítalo Rossi<div><a href="mailto:italo@freeswitch.org" target="_blank">italo@freeswitch.org</a></div></div></div>
</div>