<div dir="ltr">There is a lot more to it than that, what files are in that tls folder?</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 5, 2017 at 4:53 PM, ITwrx.org <span dir="ltr"><<a href="mailto:info@itwrx.org" target="_blank">info@itwrx.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="m_-6287859564413664226moz-cite-prefix">i just copied the pem formatted cert
that certbot generated to /etc/freeswitch/tls and named it
tls.pem. it's freeswitch:freeswitch 660 for perms. freeswitch
seems capable of reading it, as the tls enabled profile starts up.
i only get an error in fs_cli when the csipsimple client tries to
connect using tls.<br>
<br>
thanks<div><div class="h5"><br>
<br>
On 01/05/2017 04:36 PM, Brian West wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">How did you format the cert? and in what files did
you put them in? and are your permissions correct on those
files?</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jan 5, 2017 at 2:55 PM,
ITwrx.org <span dir="ltr"><<a href="mailto:info@itwrx.org" target="_blank">info@itwrx.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">hi,<br>
<br>
i'm trying to use a letsencrypt generated cert with
freeswitch but am<br>
not sure how to proceed. I've read the old and new wiki
posts concerning<br>
tls but they don't seem to cover my exact scenario. It seems
to me that<br>
freeswitch is looking into the configured "tls-cert-dir" for
the<br>
hardcoded filename tls.pem and is expecting that a self
generated ca has<br>
signed it. i have placed the fullchain.pem in that directory
(generated<br>
with certbot) and have renamed it tls.pem but i guess it's
not finding<br>
the CA sig it expects(?) as i'm getting:<br>
<br>
tport_tls.c:1044 tls_connect() tls_connect(0x373c000e8d0):
TLS setup<br>
failed (error:00000005:lib(0):func(0)<wbr>:DH lib)<br>
<br>
when trying to connect with csipsimple from phone. I would
like to avoid<br>
generating client certs signed by a custom CA where users
have to copy<br>
the client cert and ca cert to their device as it adds
complexity and<br>
problems. Is there a workaround or suggested method for
using a<br>
letsencrypt cert with freeswitch so that clients like
csipsimple can<br>
just validate against their built-in CA store?<br>
<br>
thanks in advance,<br>
ITwrx<br>
<br>
--<br>
Information Technology Works<br>
<a href="https://ITwrx.org" rel="noreferrer" target="_blank">https://ITwrx.org</a><br>
@ITwrxorg<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_-6287859564413664226gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<p><font face="courier new,
monospace"><b><i><font size="4">Brian
West</font></i></b><br>
<span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new,
monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br>
</font></p>
<p><font size="2" face="monospace,
monospace"><b><i>Twitter:
@FreeSWITCH ,
@briankwest</i></b><br>
<a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> <br>
<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.<wbr>com</a></font><font size="2" face="monospace,
monospace"><br>
</font><a href="https://www.gofundme.com/freeswitch_ubuntu" style="font-size:12.8px" target="_blank"><font face="monospace,
monospace">https://www.gofundme.com/<wbr>freeswitch_ubuntu</font></a></p>
<p><font face="monospace,
monospace">Got Bugs?
Report them <a href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font size="2" face="monospace,
monospace"><b>T:</b><a href="tel:(918)%20420-9001" value="+19184209001" target="_blank">+19184209001</a>
| <b>F:</b><a href="tel:(918)%20420-9002" value="+19184209002" target="_blank">+19184209002</a>
| <b>M:</b>+1918424WEST
(9378)<br>
<b>Skype:</b>briankwest</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-6287859564413664226mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>______________________________<wbr>_____________
Professional FreeSWITCH Consulting Services:
<a class="m_-6287859564413664226moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitchsolutions.com" target="_blank">http://www.<wbr>freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a class="m_-6287859564413664226moz-txt-link-freetext" href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.<wbr>org</a>
<a class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="m_-6287859564413664226moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a>
<a class="m_-6287859564413664226moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a>
UNSUBSCRIBE:<a class="m_-6287859564413664226moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a>
<a class="m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></pre>
</blockquote>
<br>
<p><br>
</p>
<pre class="m_-6287859564413664226moz-signature" cols="72">--
Information Technology Works
<a class="m_-6287859564413664226moz-txt-link-freetext" href="https://ITwrx.org" target="_blank">https://ITwrx.org</a>
@ITwrxorg
</pre>
</div></div></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font size="2" face="monospace, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> <br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font><font size="2" face="monospace, monospace"><br></font><a href="https://www.gofundme.com/freeswitch_ubuntu" style="font-size:12.8px" target="_blank"><font face="monospace, monospace">https://www.gofundme.com/freeswitch_ubuntu</font></a></p><p><font face="monospace, monospace">Got Bugs? Report them <a href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font size="2" face="monospace, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>