<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Thanks for everyone's input. i ended up
concatenating the cert, the intermediate cert and the key from
letsencrypt as tls.pem and i can register and make calls with
linphone desktop client over tls. Before, i had the cert and the
intermediate cert concatenated as tls.pem. :) <br>
<br>
csipsimple still causes the "dh_lib" error, however. Is this
caused by a cipher suite mismatch between freeswitch and
csipsimple? or something else? <br>
<br>
thanks.<br>
<br>
On 01/06/2017 04:58 AM, Mirko Brankovic wrote:<br>
</div>
<blockquote
cite="mid:CAND18T2ZiBF2PYWP8+imvpA9a3p=srtfaBSmY-KKqCx9Ob-yqA@mail.gmail.com"
type="cite">
<div dir="ltr">Hey,
<div>All I had to do to get it work is to place cert and key in
one pem file for FS, so like:</div>
<div>cat /etc/letsencrypt/live/${domain}/cert.pem
/etc/letsencrypt/live/${domain}/privkey.pem >
/usr/local/freeswitch/certs/wss.pem<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Jan 6, 2017 at 3:24 AM,
ITwrx.org <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:info@itwrx.org" target="_blank">info@itwrx.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="m_-9072117229371709625moz-cite-prefix">dtls-srtp.pem,
<br>
tls.pem(the "stand in" i previously described), <br>
and the original (could be from my old server where i
set up tls following the freeswitch wiki) tls.pem which
has been renamed to tls.pem.orig.
<div>
<div class="h5"><br>
<br>
On 01/05/2017 06:43 PM, Brian West wrote:<br>
</div>
</div>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">There is a lot more to it than that,
what files are in that tls folder?</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jan 5, 2017 at
4:53 PM, ITwrx.org <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:info@itwrx.org" target="_blank">info@itwrx.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div
class="m_-9072117229371709625m_-6287859564413664226moz-cite-prefix">i
just copied the pem formatted cert that
certbot generated to /etc/freeswitch/tls
and named it tls.pem. it's
freeswitch:freeswitch 660 for perms.
freeswitch seems capable of reading it, as
the tls enabled profile starts up. i only
get an error in fs_cli when the csipsimple
client tries to connect using tls.<br>
<br>
thanks
<div>
<div class="m_-9072117229371709625h5"><br>
<br>
On 01/05/2017 04:36 PM, Brian West
wrote:<br>
</div>
</div>
</div>
<div>
<div class="m_-9072117229371709625h5">
<blockquote type="cite">
<div dir="ltr">How did you format the
cert? and in what files did you put
them in? and are your permissions
correct on those files?</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jan
5, 2017 at 2:55 PM, ITwrx.org <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:info@itwrx.org"
target="_blank">info@itwrx.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">hi,<br>
<br>
i'm trying to use a letsencrypt
generated cert with freeswitch
but am<br>
not sure how to proceed. I've
read the old and new wiki posts
concerning<br>
tls but they don't seem to cover
my exact scenario. It seems to
me that<br>
freeswitch is looking into the
configured "tls-cert-dir" for
the<br>
hardcoded filename tls.pem and
is expecting that a self
generated ca has<br>
signed it. i have placed the
fullchain.pem in that directory
(generated<br>
with certbot) and have renamed
it tls.pem but i guess it's not
finding<br>
the CA sig it expects(?) as i'm
getting:<br>
<br>
tport_tls.c:1044 tls_connect()
tls_connect(0x373c000e8d0): TLS
setup<br>
failed
(error:00000005:lib(0):func(0)<wbr>:DH
lib)<br>
<br>
when trying to connect with
csipsimple from phone. I would
like to avoid<br>
generating client certs signed
by a custom CA where users have
to copy<br>
the client cert and ca cert to
their device as it adds
complexity and<br>
problems. Is there a workaround
or suggested method for using a<br>
letsencrypt cert with freeswitch
so that clients like csipsimple
can<br>
just validate against their
built-in CA store?<br>
<br>
thanks in advance,<br>
ITwrx<br>
<br>
--<br>
Information Technology Works<br>
<a moz-do-not-send="true"
href="https://ITwrx.org"
rel="noreferrer"
target="_blank">https://ITwrx.org</a><br>
@ITwrxorg<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH
Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org"
target="_blank">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com"
rel="noreferrer"
target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
rel="noreferrer"
target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://confluence.freeswitch.org"
rel="noreferrer"
target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a moz-do-not-send="true"
href="http://www.cluecon.com"
rel="noreferrer"
target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org"
target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
rel="noreferrer"
target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a
moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
rel="noreferrer"
target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
rel="noreferrer"
target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div
class="m_-9072117229371709625m_-6287859564413664226gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<p><font
face="courier
new,
monospace"><b><i><font
size="4">Brian
West</font></i></b><br>
<span
style="font-size:x-small"><a
moz-do-not-send="true" href="mailto:brian@freeswitch.org"
target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font
size="1"
face="courier
new,
monospace"><img
moz-do-not-send="true"
src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br>
</font></p>
<p><font
size="2"
face="monospace,
monospace"><b><i>Twitter:
@FreeSWITCH ,
@briankwest</i></b><br>
<a
moz-do-not-send="true"
href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> <br>
<a
moz-do-not-send="true"
href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.<wbr>com</a></font><font
size="2"
face="monospace,
monospace"><br>
</font><a
moz-do-not-send="true"
href="https://www.gofundme.com/freeswitch_ubuntu"
style="font-size:12.8px"
target="_blank"><font face="monospace, monospace">https://www.gofundme.com/frees<wbr>witch_ubuntu</font></a></p>
<p><font
face="monospace,
monospace">Got
Bugs? Report
them <a
moz-do-not-send="true"
href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a
moz-do-not-send="true" href="https://www.reddit.com/r/freeswitch"
target="_blank">/r/freeswitch</a></font></p>
<p><font
size="2"
face="monospace,
monospace"><b>T:</b><a
moz-do-not-send="true" href="tel:%28918%29%20420-9001"
value="+19184209001"
target="_blank">+19184209001</a> | <b>F:</b><a moz-do-not-send="true"
href="tel:%28918%29%20420-9002"
value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST
(9378)<br>
<b>Skype:</b>briankwest</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset
class="m_-9072117229371709625m_-6287859564413664226mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>______________________________<wbr>_____________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions<wbr>.com</a>
Official FreeSWITCH Sites
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.o<wbr>rg</a>
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a>
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a>
UNSUBSCRIBE:<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a>
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></pre>
</blockquote>
<p>
</p>
<pre class="m_-9072117229371709625m_-6287859564413664226moz-signature" cols="72">--
Information Technology Works
<a moz-do-not-send="true" class="m_-9072117229371709625m_-6287859564413664226moz-txt-link-freetext" href="https://ITwrx.org" target="_blank">https://ITwrx.org</a>
@ITwrxorg
</pre>
</div></div></div>
______________________________<wbr>______________________________<wbr>_____________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a>
Official FreeSWITCH Sites
<a moz-do-not-send="true" href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a>
<a moz-do-not-send="true" href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a moz-do-not-send="true" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a>
<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a>
UNSUBSCRIBE:<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a>
<a moz-do-not-send="true" href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a>
</blockquote></div>
<div>
</div>--
<div class="m_-9072117229371709625gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div class="m_-9072117229371709625gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b>
<span style="font-size:x-small"><a moz-do-not-send="true" href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img moz-do-not-send="true" src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png">
</font></p><p><font size="2" face="monospace, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b>
<a moz-do-not-send="true" href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a>
<a moz-do-not-send="true" href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.<wbr>com</a></font><font size="2" face="monospace, monospace">
</font><a moz-do-not-send="true" href="https://www.gofundme.com/freeswitch_ubuntu" style="font-size:12.8px" target="_blank"><font face="monospace, monospace">https://www.gofundme.com/<wbr>freeswitch_ubuntu</font></a></p><p><font face="monospace, monospace">Got Bugs? Report them <a moz-do-not-send="true" href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a moz-do-not-send="true" href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font size="2" face="monospace, monospace"><b>T:</b><a moz-do-not-send="true" href="tel:+1%20918-420-9001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a moz-do-not-send="true" href="tel:+1%20918-420-9002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)
<b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<fieldset class="m_-9072117229371709625mimeAttachmentHeader"></fieldset>
<pre>______________________________<wbr>______________________________<wbr>_____________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="http://www.freeswitchsolutions.com" target="_blank">http://www.<wbr>freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.<wbr>org</a>
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a>
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a>
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></pre>
</blockquote>
<p>
</p><pre class="m_-9072117229371709625moz-signature" cols="72">--
Information Technology Works
<a moz-do-not-send="true" class="m_-9072117229371709625moz-txt-link-freetext" href="https://ITwrx.org" target="_blank">https://ITwrx.org</a>
@ITwrxorg
</pre></div></div></div>
______________________________<wbr>______________________________<wbr>_____________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a moz-do-not-send="true" href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a>
<a moz-do-not-send="true" href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a moz-do-not-send="true" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a>
<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a>
<a moz-do-not-send="true" href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a>
</blockquote></div>
<div>
</div>--
<div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr">Regards,<div>Mirko</div></div></div></div></div></div></div></div></div>
</div>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
</blockquote>
<p>
</p><pre class="moz-signature" cols="72">--
Information Technology Works
<a class="moz-txt-link-freetext" href="https://ITwrx.org">https://ITwrx.org</a>
@ITwrxorg
</pre></body></html>