<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">i just copied the pem formatted cert
that certbot generated to /etc/freeswitch/tls and named it
tls.pem. it's freeswitch:freeswitch 660 for perms. freeswitch
seems capable of reading it, as the tls enabled profile starts up.
i only get an error in fs_cli when the csipsimple client tries to
connect using tls.<br>
<br>
thanks<br>
<br>
On 01/05/2017 04:36 PM, Brian West wrote:<br>
</div>
<blockquote
cite="mid:CAEJMVkAFOMLK9ykA0n0B0S9SiA7Cbmq5vb3F8H_EFvOtWW4AEg@mail.gmail.com"
type="cite">
<div dir="ltr">How did you format the cert? and in what files did
you put them in? and are your permissions correct on those
files?</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jan 5, 2017 at 2:55 PM,
ITwrx.org <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:info@itwrx.org" target="_blank">info@itwrx.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">hi,<br>
<br>
i'm trying to use a letsencrypt generated cert with
freeswitch but am<br>
not sure how to proceed. I've read the old and new wiki
posts concerning<br>
tls but they don't seem to cover my exact scenario. It seems
to me that<br>
freeswitch is looking into the configured "tls-cert-dir" for
the<br>
hardcoded filename tls.pem and is expecting that a self
generated ca has<br>
signed it. i have placed the fullchain.pem in that directory
(generated<br>
with certbot) and have renamed it tls.pem but i guess it's
not finding<br>
the CA sig it expects(?) as i'm getting:<br>
<br>
tport_tls.c:1044 tls_connect() tls_connect(0x373c000e8d0):
TLS setup<br>
failed (error:00000005:lib(0):func(0)<wbr>:DH lib)<br>
<br>
when trying to connect with csipsimple from phone. I would
like to avoid<br>
generating client certs signed by a custom CA where users
have to copy<br>
the client cert and ca cert to their device as it adds
complexity and<br>
problems. Is there a workaround or suggested method for
using a<br>
letsencrypt cert with freeswitch so that clients like
csipsimple can<br>
just validate against their built-in CA store?<br>
<br>
thanks in advance,<br>
ITwrx<br>
<br>
--<br>
Information Technology Works<br>
<a moz-do-not-send="true" href="https://ITwrx.org"
rel="noreferrer" target="_blank">https://ITwrx.org</a><br>
@ITwrxorg<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com" rel="noreferrer"
target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true" href="http://www.freeswitch.org"
rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://confluence.freeswitch.org" rel="noreferrer"
target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a moz-do-not-send="true" href="http://www.cluecon.com"
rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a moz-do-not-send="true" href="http://www.freeswitch.org"
rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<p><font face="courier new,
monospace"><b><i><font
size="4">Brian
West</font></i></b><br>
<span
style="font-size:x-small"><a
moz-do-not-send="true" href="mailto:brian@freeswitch.org"
target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1"
face="courier new,
monospace"><img
moz-do-not-send="true"
src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br>
</font></p>
<p><font size="2"
face="monospace,
monospace"><b><i>Twitter:
@FreeSWITCH ,
@briankwest</i></b><br>
<a
moz-do-not-send="true"
href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> <br>
<a
moz-do-not-send="true"
href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font><font
size="2"
face="monospace,
monospace"><br>
</font><a
moz-do-not-send="true"
href="https://www.gofundme.com/freeswitch_ubuntu"
style="font-size:12.8px"
target="_blank"><font
face="monospace,
monospace">https://www.gofundme.com/freeswitch_ubuntu</font></a></p>
<p><font face="monospace,
monospace">Got Bugs?
Report them <a
moz-do-not-send="true"
href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a
moz-do-not-send="true"
href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font size="2"
face="monospace,
monospace"><b>T:</b>+19184209001
| <b>F:</b>+19184209002
| <b>M:</b>+1918424WEST
(9378)<br>
<b>Skype:</b>briankwest</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
</blockquote>
<br>
<p><br>
</p>
<pre class="moz-signature" cols="72">--
Information Technology Works
<a class="moz-txt-link-freetext" href="https://ITwrx.org">https://ITwrx.org</a>
@ITwrxorg
</pre>
</body>
</html>