<div dir="ltr">Hi David, <div><br></div><div>So it all depends.. Those docs are just introductions to get a setup "up and running". For example, in the docs you generate self-signed certificates that (although perfectly valid) can give you issues with browsers because their CA is not trusted, etc. Regarding expiration, it all depends, as this is something you choose. </div><div><br></div><div>Going down to your specific problems:</div><div><br></div><div>1- ..${prefix}.. is just a variable, that will be replaced with a value, normally /usr/local/freeswitch, but can be anything (depending on where you installed FS).</div><div>2- When it comes to the "path" that you specify in the config for the certificates, it can also be anything, the important part is that you make sure that the user you run FS with has access to reading those files. If you don't like using ${prefix} you can directly set /path/to/your/certs, just remember double checking the permissions.</div><div>3- When you renew your certificate, you will have to make FS aware of that, I'd have to check but I'm pretty sure that after updating the files a sofia profile rescan should be enough.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 29, 2018 at 11:48 AM, David P <span dir="ltr"><<a href="mailto:davidswalkabout@gmail.com" target="_blank">davidswalkabout@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Hi Joel, please have a look at my first post yesterday in this thread in which I ask about that doc. In particular, what is {prefix} for a jessie install? And if I follow steps 1-4, how do I renew the cert later?</div><div class="HOEnZb"><div class="h5"><br><div class="gmail_quote"><div dir="ltr">On Tue, 29 May 2018, 11:28 am Joel Serrano, <<a href="mailto:joel@textplus.com" target="_blank">joel@textplus.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi David, <div><br></div><div>Have a look at: <a href="https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS" rel="noreferrer" target="_blank">https://freeswitch.org/<wbr>confluence/display/FREESWITCH/<wbr>SIP+TLS</a></div><div><br></div><div>You have information on how to generate the certificates..</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 28, 2018 at 9:46 PM, David P <span dir="ltr"><<a href="mailto:davidswalkabout@gmail.com" rel="noreferrer" target="_blank">davidswalkabout@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">To be a little more specific, I think you would suggest following <a href="https://freeswitch.org/confluence/display/FREESWITCH/WebRTC#WebRTC-InstallCertificates" rel="noreferrer" target="_blank">https://freeswitch.<wbr>org/confluence/display/<wbr>FREESWITCH/WebRTC#WebRTC-<wbr>InstallCertificates</a> after installing fs on jessie. However, the section there about "Install Certificates" assumes there is already a cert, key, and chain on disk that can be concatenated into a wss.pem. But it seems to me those files don't exist after installing fs on jessie; in particular, /etc/freeswitch/tls/ is empty.</div><div class="m_4698848074900528470m_4578300283650202671HOEnZb"><div class="m_4698848074900528470m_4578300283650202671h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 28, 2018 at 9:00 PM, David P <span dir="ltr"><<a href="mailto:davidswalkabout@gmail.com" rel="noreferrer" target="_blank">davidswalkabout@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Ok, Giovanni. Using your confluence page's search box (not google) for jessie yields one match:<div><br></div><div><a href="https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie" rel="noreferrer" target="_blank">https://freeswitch.org/<wbr>confluence/display/FREESWITCH/<wbr>Debian+8+Jessie</a></div><div><br></div><div>I launched a debian jessie EC2, then followed section "Installing From Debian Packages" at the link above. In particular, I followed the advice in the comment about creating a "freeswitch" folder under /etc before the apt-get to install freeswitch. There were no errors.</div><div><br></div><div>Now the only thing under /etc/freeswitch/ is an empty tls/ folder. Is this expected?</div><div><br></div><div>Next, to install a CA cert for use by verto and SIP clients, do I follow steps 1-4 at <a href="https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS" rel="noreferrer" target="_blank">https://freeswitch.org/<wbr>confluence/display/FREESWITCH/<wbr>SIP+TLS</a> ? If so, what is {prefix} for this kind of FS install?</div><span><div><br></div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 28, 2018 at 8:03 AM, Giovanni Maruzzelli <span dir="ltr"><<a href="mailto:gmaruzz@gmail.com" rel="noreferrer" target="_blank">gmaruzz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">- Trash your aws instance<div dir="auto">- Start with a new jessie 64 sefver i stance (jessie!!!)</div><div dir="auto">- search in <a href="http://freeswitch.org/confluence" rel="noreferrer" target="_blank">freeswitch.org/confluence</a> about jessie</div><div dir="auto">- follow the steps to "install freeswit h on jessie" (copy and paste)</div><div dir="auto">- profit!</div><div dir="auto"><br></div><div dir="auto">Do not try anything advanced until you know the basics.</div><span class="m_4698848074900528470m_4578300283650202671m_7694336450651689077m_-8754877929736108197gmail-HOEnZb"><font color="#888888"><div dir="auto"><br></div><div dir="auto">-giovanni</div></font></span></div></blockquote></div></div></div></span></div>
</blockquote></div><br></div>
</div></div><br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" rel="noreferrer" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" rel="noreferrer" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" rel="noreferrer" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" rel="noreferrer" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer noreferrer" target="_blank">http://www.freeswitch.org</a></blockquote></div>
</div></div><br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>