<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">dtls-srtp.pem, <br>
      tls.pem(the "stand in" i previously described), <br>
      and the original (could be from my old server where i set up tls
      following the freeswitch wiki) tls.pem which has been renamed to
      tls.pem.orig.<br>
      <br>
      On 01/05/2017 06:43 PM, Brian West wrote:<br>
    </div>
    <blockquote
cite="mid:CAEJMVkDN8khPRvkx1PrXzyi9+zf2Mkbvd6dV3xq2mkPLyS9d4w@mail.gmail.com"
      type="cite">
      <div dir="ltr">There is a lot more to it than that, what files are
        in that tls folder?</div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Thu, Jan 5, 2017 at 4:53 PM,
          ITwrx.org <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:info@itwrx.org" target="_blank">info@itwrx.org</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div class="m_-6287859564413664226moz-cite-prefix">i just
                copied the pem formatted cert that certbot generated to
                /etc/freeswitch/tls and named it tls.pem. it's
                freeswitch:freeswitch 660 for perms. freeswitch seems
                capable of reading it, as the tls enabled profile starts
                up. i only get an error in fs_cli when the csipsimple
                client tries to connect using tls.<br>
                <br>
                thanks
                <div>
                  <div class="h5"><br>
                    <br>
                    On 01/05/2017 04:36 PM, Brian West wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">How did you format the cert? and in
                      what files did you put them in? and are your
                      permissions correct on those files?</div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Thu, Jan 5, 2017 at
                        2:55 PM, ITwrx.org <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:info@itwrx.org" target="_blank">info@itwrx.org</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">hi,<br>
                          <br>
                          i'm trying to use a letsencrypt generated cert
                          with freeswitch but am<br>
                          not sure how to proceed. I've read the old and
                          new wiki posts concerning<br>
                          tls but they don't seem to cover my exact
                          scenario. It seems to me that<br>
                          freeswitch is looking into the configured
                          "tls-cert-dir" for the<br>
                          hardcoded filename tls.pem and is expecting
                          that a self generated ca has<br>
                          signed it. i have placed the fullchain.pem in
                          that directory (generated<br>
                          with certbot) and have renamed it tls.pem but
                          i guess it's not finding<br>
                          the CA sig it expects(?) as i'm getting:<br>
                          <br>
                          tport_tls.c:1044 tls_connect()
                          tls_connect(0x373c000e8d0): TLS setup<br>
                          failed (error:00000005:lib(0):func(0)<wbr>:DH
                          lib)<br>
                          <br>
                          when trying to connect with csipsimple from
                          phone. I would like to avoid<br>
                          generating client certs signed by a custom CA
                          where users have to copy<br>
                          the client cert and ca cert to their device as
                          it adds complexity and<br>
                          problems. Is there a workaround or suggested
                          method for using a<br>
                          letsencrypt cert with freeswitch so that
                          clients like csipsimple can<br>
                          just validate against their built-in CA store?<br>
                          <br>
                          thanks in advance,<br>
                          ITwrx<br>
                          <br>
                          --<br>
                          Information Technology Works<br>
                          <a moz-do-not-send="true"
                            href="https://ITwrx.org" rel="noreferrer"
                            target="_blank">https://ITwrx.org</a><br>
                          @ITwrxorg<br>
                          <br>
                          <br>
                          ______________________________<wbr>______________________________<wbr>_____________<br>
                          Professional FreeSWITCH Consulting Services:<br>
                          <a moz-do-not-send="true"
                            href="mailto:consulting@freeswitch.org"
                            target="_blank">consulting@freeswitch.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://www.freeswitchsolutions.com"
                            rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
                          <br>
                          Official FreeSWITCH Sites<br>
                          <a moz-do-not-send="true"
                            href="http://www.freeswitch.org"
                            rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://confluence.freeswitch.org"
                            rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
                          <a moz-do-not-send="true"
                            href="http://www.cluecon.com"
                            rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
                          <br>
                          FreeSWITCH-users mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:FreeSWITCH-users@lists.freeswitch.org"
                            target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
                            rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
                          UNSUBSCRIBE:<a moz-do-not-send="true"
                            href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
                            rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br>
                          <a moz-do-not-send="true"
                            href="http://www.freeswitch.org"
                            rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
                        </blockquote>
                      </div>
                      <br>
                      <br clear="all">
                      <div><br>
                      </div>
                      -- <br>
                      <div class="m_-6287859564413664226gmail_signature"
                        data-smartmail="gmail_signature">
                        <div dir="ltr">
                          <div>
                            <div dir="ltr">
                              <div>
                                <div dir="ltr">
                                  <div>
                                    <div dir="ltr">
                                      <div>
                                        <div dir="ltr">
                                          <div>
                                            <div dir="ltr">
                                              <div>
                                                <div dir="ltr">
                                                  <div>
                                                    <div dir="ltr">
                                                      <div>
                                                        <div dir="ltr">
                                                          <p><font
                                                          face="courier
                                                          new,
                                                          monospace"><b><i><font
                                                          size="4">Brian
                                                          West</font></i></b><br>
                                                          <span
                                                          style="font-size:x-small"><a
moz-do-not-send="true" href="mailto:brian@freeswitch.org"
                                                          target="_blank">brian@freeswitch.org</a></span></font></p>
                                                          <p><font
                                                          size="1"
                                                          face="courier
                                                          new,
                                                          monospace"><img
moz-do-not-send="true"
                                                          src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br>
                                                          </font></p>
                                                          <p><font
                                                          size="2"
                                                          face="monospace,
                                                          monospace"><b><i>Twitter:
                                                          @FreeSWITCH ,
                                                          @briankwest</i></b><br>
                                                          <a
                                                          moz-do-not-send="true"
href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> <br>
                                                          <a
                                                          moz-do-not-send="true"
href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.<wbr>com</a></font><font
                                                          size="2"
                                                          face="monospace,
                                                          monospace"><br>
                                                          </font><a
                                                          moz-do-not-send="true"
href="https://www.gofundme.com/freeswitch_ubuntu"
                                                          style="font-size:12.8px"
target="_blank"><font face="monospace, monospace">https://www.gofundme.com/<wbr>freeswitch_ubuntu</font></a></p>
                                                          <p><font
                                                          face="monospace,
                                                          monospace">Got
                                                          Bugs? Report
                                                          them <a
                                                          moz-do-not-send="true"
href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a
moz-do-not-send="true" href="https://www.reddit.com/r/freeswitch"
                                                          target="_blank">/r/freeswitch</a></font></p>
                                                          <p><font
                                                          size="2"
                                                          face="monospace,
                                                          monospace"><b>T:</b><a
moz-do-not-send="true" href="tel:%28918%29%20420-9001"
                                                          value="+19184209001"
target="_blank">+19184209001</a> | <b>F:</b><a moz-do-not-send="true"
                                                          href="tel:%28918%29%20420-9002"
value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST
                                                          (9378)<br>
                                                          <b>Skype:</b>briankwest</font></p>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                    <br>
                    <fieldset
                      class="m_-6287859564413664226mimeAttachmentHeader"></fieldset>
                    <br>
                    <pre>______________________________<wbr>______________________________<wbr>_____________
Professional FreeSWITCH Consulting Services: 
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitchsolutions.com" target="_blank">http://www.<wbr>freeswitchsolutions.com</a>

Official FreeSWITCH Sites
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.<wbr>org</a>
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>

FreeSWITCH-users mailing list
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a>
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a>
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></pre>
    </blockquote>
    

    <p>

    </p>
    <pre class="m_-6287859564413664226moz-signature" cols="72">-- 
Information Technology Works
<a moz-do-not-send="true" class="m_-6287859564413664226moz-txt-link-freetext" href="https://ITwrx.org" target="_blank">https://ITwrx.org</a>
@ITwrxorg

</pre>
  </div></div></div>


______________________________<wbr>______________________________<wbr>_____________

Professional FreeSWITCH Consulting Services:

<a moz-do-not-send="true" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>

<a moz-do-not-send="true" href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a>



Official FreeSWITCH Sites

<a moz-do-not-send="true" href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a>

<a moz-do-not-send="true" href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a>

<a moz-do-not-send="true" href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a>



FreeSWITCH-users mailing list

<a moz-do-not-send="true" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a>

<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a>

UNSUBSCRIBE:<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a>

<a moz-do-not-send="true" href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a>
</blockquote></div>

<div>
</div>-- 
<div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">







<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b>
<span style="font-size:x-small"><a moz-do-not-send="true" href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img moz-do-not-send="true" src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png">
</font></p><p><font size="2" face="monospace, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b>
<a moz-do-not-send="true" href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> 
<a moz-do-not-send="true" href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font><font size="2" face="monospace, monospace">
</font><a moz-do-not-send="true" href="https://www.gofundme.com/freeswitch_ubuntu" style="font-size:12.8px" target="_blank"><font face="monospace, monospace">https://www.gofundme.com/freeswitch_ubuntu</font></a></p><p><font face="monospace, monospace">Got Bugs? Report them <a moz-do-not-send="true" href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a moz-do-not-send="true" href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font size="2" face="monospace, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)
<b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>


<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services: 
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>

Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>

FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>

</blockquote>
<p>
</p><pre class="moz-signature" cols="72">-- 
Information Technology Works
<a class="moz-txt-link-freetext" href="https://ITwrx.org">https://ITwrx.org</a>
@ITwrxorg

</pre></body></html>