<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I was able to use the Letsencrypt certificate (domain is
pbx.blah.com) using the following:<br>
<br>
<br>
cat /etc/letsencrypt/live/pbx.blah.com/fullchain.pem
/etc/letsencrypt/live/pbx.blah.com/privkey.pem >
/etc/freeswitch/conf/ssl/agent.pem<br>
<br>
The root CA was DST as shown by:<br>
openssl x509 -in /etc/letsencrypt/live/pbx.blah.com/chain.pem -noout
-issuer<br>
<br>
Thus the DST_Root_CA_X3.pem was obtained from:<br>
<a class="moz-txt-link-freetext" href="https://www.identrust.com/certificates/trustid/root-download-x3.html">https://www.identrust.com/certificates/trustid/root-download-x3.html</a><br>
<br>
The cafile was generated using:<br>
cat /etc/letsencrypt/live/pbx.blah.com/chain.pem DST_Root_CA_X3.pem
> /etc/freeswitch/conf/ssl/cafile.pem<br>
<br>
Finally checked <br>
# openssl verify -CAfile cafile.pem agent.pem<br>
agent.pem: OK<br>
<br>
Hope this is helpful to somebody.<br>
<br>
<div class="moz-cite-prefix">On 11/21/2016 11:09 AM, Michael Jerris
wrote:<br>
</div>
<blockquote
cite="mid:94FB5E2B-E2EB-42D5-8B1F-10D74ECC4317@jerris.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
there are some instructions here:
<div class=""><br class="">
</div>
<div class=""><a moz-do-not-send="true"
href="https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie#Debian8Jessie-Scriptinstallfreeswitchdemowithverto_communicator"
class="">https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie#Debian8Jessie-Scriptinstallfreeswitchdemowithverto_communicator</a></div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Nov 21, 2016, at 11:50 AM, Rajil Saraswat
<<a moz-do-not-send="true"
href="mailto:rajil.s@gmail.com" class="">rajil.s@gmail.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<p dir="ltr" class="">Hello, </p>
<p dir="ltr" class="">I have been using self generated
certificates (<a moz-do-not-send="true"
href="https://wiki.freeswitch.org/wiki/SIP_TLS"
class="">https://wiki.freeswitch.org/wiki/SIP_TLS</a>)
until now.<br class="">
Is it possible to use Letsencrypt generated certificates
for TLS? </p>
<p dir="ltr" class="">Thanks</p>
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
</blockquote>
<br>
</body>
</html>