<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="-1"><font face="Arial">- create wss.pem file for
freeswitch and format it likes this and save in freeswitch certs
folder<br>
<br>
-----BEGIN CERTIFICATE-----<br>
<lots of gibberish from the actual certificate><br>
-----END CERTIFICATE-----<br>
-----BEGIN RSA PRIVATE KEY-----<br>
<lots of gibberish from the actual certificate><br>
-----END RSA PRIVATE KEY-----<br>
-----BEGIN CERTIFICATE-----<br>
<lots of gibberish from the intermediate certificate><br>
-----END CERTIFICATE-----<br>
-----BEGIN CERTIFICATE-----<br>
<even more gibberish from the root certificate><br>
-----END CERTIFICATE-----<br>
<br>
- tls.pem and agent.pem will have this<br>
<br>
-----BEGIN CERTIFICATE-----<br>
<lots of gibberish from the actual certificate><br>
-----END CERTIFICATE-----<br>
-----BEGIN RSA PRIVATE KEY-----<br>
<lots of gibberish from the actual certificate><br>
-----END RSA PRIVATE KEY-----<br>
<br>
- cafile.pem will have this<br>
<br>
-----BEGIN CERTIFICATE-----<br>
<lots of gibberish from the intermediate certificate><br>
-----END CERTIFICATE-----<br>
-----BEGIN CERTIFICATE-----<br>
<even more gibberish from the root certificate><br>
-----END CERTIFICATE-----<br>
<br>
<br>
</font></font>
<div class="moz-signature">
<style>
body {
font-family: Verdana, sans-serif;
font-size: 0.8em;
color:#484848;
}
h1, h2, h3 { font-family: "Trebuchet MS", Verdana, sans-serif; margin:0in; margin-bottom:.0001pt; }
p.footr { font-family: "Trebuchet MS", Verdana, sans-serif; margin:0in; margin-bottom:.0001pt; }
h1 { font-size: 1.2em; }
h2, h3 { font-size: 1.1em; }
a, a:link, a:visited { color: #2A5685;}
a:hover, a:active { color: #c61a1a; }
a.wiki-anchor { display: none; }
hr {
width: 100%;
height: 1px;
background: #ccc;
border: 0;
}
</style>Regards,<br>
Bipin<br>
<br>
<br>
<hr>
</div>
<div class="moz-cite-prefix">On 4/1/2019 6:46 PM, Nathan Stratton
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHubkyN1F1kP1f0amJBWq7JED2xNTF_YVwpZnoHEkGpHB4awgg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">I created my wss.pem from my .crt .key and
.ca-bundle from my wildcard cert from COMODO. I have my
internal.xml file configured to use wss on 443, and in
vars.xml I point ca_certs to /etc/freeswitch/certs where my
wss.pem file lives owned by freeswitch:daemon.
<div><br>
</div>
<div>However, when I try to test it, I get back the default
self signed cert, not my cert from wss.pem. </div>
<div><br>
</div>
<div><br clear="all">
<div>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<div>
<div>nathan@marge cert $ openssl s_client -connect <a
href="http://as1-east.illumy1.com:443"
moz-do-not-send="true">as1-east.illumy1.com:443</a></div>
<div>CONNECTED(00000003)</div>
<div>depth=0 C = US, CN = FreeSWITCH</div>
<div>verify error:num=18:self signed certificate</div>
<div>verify return:1</div>
<div>depth=0 C = US, CN = FreeSWITCH</div>
<div>verify return:1</div>
<div>---</div>
<div>Certificate chain</div>
<div> 0 s:/C=US/CN=FreeSWITCH</div>
<div> i:/C=US/CN=FreeSWITCH</div>
<div>---</div>
<div>Server certificate</div>
<div>-----BEGIN CERTIFICATE-----</div>
<div>MIIEujCCAqICAQAwDQYJKoZIhvcNAQEFBQAwIjELMAkGA1UEBhMCVVMxEzARBgNV</div>
<div>BAMMCkZyZWVTV0lUQ0gwIBcNMTgxMjI3MDEzOTIyWhgPMjExODEyMTAwMTM5MjJa</div>
<div>MCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQDDApGcmVlU1dJVENIMIICIjANBgkqhkiG</div>
<div>9w0BAQEFAAOCAg8AMIICCgKCAgEA/xUekzi8uf0ea+/GreneBm3sm9IsQ7L1Yfha</div>
<div>8hSvxaX8ElZIlUHUudkCHoreUgoN+AX/F/I4BY93zfAooZ0+q7CVLfJiLsnW5+Do</div>
<div>3o0eDXQWQ1qWm1a2tv4h7pFWTM9erGDIharhIUj45CJhtKM2Z5TxbRIp2HtAOMen</div>
<div>N5M1v+zni7xKS0AOoY6H3i0qHnAeQt5QrpC11575/+5aEWW777W18v5iup9Cn7sR</div>
<div>4LxCdQrnJ9UzthNDvkLz5jYX10JZibVs/DehURv9jimVUYaan1fOzhDtVQh/av22</div>
<div>m4KlTB8xzPSAm0TooRcB0zNbyXCAbnvl9E67orZrxvTzmaKxaPHkGPTqBN962Ti6</div>
<div>TGSYlz31nKGNeABACSbDSRkRZcnv96+VMo6FKoppHpJISXTZwRQhOJ9Im7HVwISE</div>
<div>zqhOgDSMo64DcCyif3LOL/gesRjPkc439HulLikDBBS9oAZq8vNg8x8FPA/urpka</div>
<div>I+mLPTiE39o7vlb6CeBbGeQktUTB+egun8sBYi+DHXW4lX07HLFM6lqhqO8ZYNqY</div>
<div>1hEcPZY0GovVNlPVvebCIJhti/bBa/5EAwBGVJnEWjqTTYeIn1jF8eAxAMFHw94P</div>
<div>RwWAOUgVmq9c5GuRTaw9QWkYg/4Hr4PojGMAIaD0R6m60fIEGOLkzBEUS1Wa6mqK</div>
<div>EZKy6dkCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAoFXoWVf/in6dYKWgxSIOsUWA</div>
<div>yyZiGOexO5P/WW5dVoQ0P67iE2wHkABMTkFe4ir3fHlyeKbbcCB3bU28rsPg/wwo</div>
<div>P0TIbKNAucrwZ8JKhVQErri/bCYMuctdEN1YxqgQh4YVHYs2/tLr3koqD73crpUL</div>
<div>aiq0DNWxx6nbTu7223b40zvKjzLNcjuD6DnKAeMaSdsYjfDtrLk5D1WzMXmG1jzu</div>
<div>wwTAHVn0ru0aiQr3dSpUOD8/V+JqCLO7FbrJL6hpd6NemMasdUjgIr1FenuOmyXn</div>
<div>A0PFIfQgW1LBlJP1UEGW+yWnVFBNn6pS5AwreVWpS1Tsewa8TTPB/A7ZUAlUb4Lg</div>
<div>RsvaBc/56ACG9X2DqOBeYUaK/1Hio4/0n29EpB0zN2R0PPOV2QzBScMecIqbGyf3</div>
<div>gstrMM8KG0GyZRTVOhElWkcgrxre6jM4bzTtOiaZD752pBrYP4EVGtf+oyC9UlKx</div>
<div>7ruCkYuNgyGzJgFfSC8s8zYOBAged3aggQYAL4k7rG3uUTnqOHmQg6XFghWCvc3j</div>
<div>I+TEVKeaGhobcKmZp6CwTjmr63in2D1Kn902wVE6WVdHhJSxT1kuIGf3UYhUWZ6Y</div>
<div>iBdtAKKhd8QmUYvhzpEHyTPV9bVrrIJJRQW3kzB8jVuyrSYYWnxibcpVxAE1CyHb</div>
<div>IlJagm7ZFZDqZ4Gn4TM=</div>
<div>-----END CERTIFICATE-----</div>
<div>subject=/C=US/CN=FreeSWITCH</div>
<div>issuer=/C=US/CN=FreeSWITCH</div>
<div>---</div>
<div>No client certificate CA names sent</div>
<div>---</div>
<div>SSL handshake has read 1527 bytes and written
863 bytes</div>
<div>---</div>
<div>New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384</div>
<div>Server public key is 4096 bit</div>
<div>Secure Renegotiation IS supported</div>
<div>Compression: NONE</div>
<div>Expansion: NONE</div>
<div>No ALPN negotiated</div>
<div>SSL-Session:</div>
<div> Protocol : TLSv1.2</div>
<div> Cipher : AES256-GCM-SHA384</div>
<div> Session-ID:
99DD9750EDDD173E6E41606FB834F0F5AA4B27AA0CCF8284F8D87F47E607D9A9</div>
<div> Session-ID-ctx: </div>
<div> Master-Key:
D1F6C0AD00EB7151098BF0DD68670DE9D4631ACED00CE97EAD684B2670BDE283D34FC85CF7D6CED82FB79C68A150988A</div>
<div> Key-Arg : None</div>
<div> Krb5 Principal: None</div>
<div> PSK identity: None</div>
<div> PSK identity hint: None</div>
<div> TLS session ticket lifetime hint: 300
(seconds)</div>
<div> TLS session ticket:</div>
<div> 0000 - 9a 90 ee 94 ba 4d da e1-d7 c9 6d f1
bb 86 0b 74 .....M....m....t</div>
<div> 0010 - 53 d3 62 eb ca 6b 3e 2b-c4 36 f4 34
ff 73 e0 6a S.b..k>+.6.4.s.j</div>
<div> 0020 - 79 f7 72 d7 ca 24 fa 60-bb 37 c8 b9
cd df 71 74 y.r..$.`.7....qt</div>
<div> 0030 - 00 d8 37 c6 a2 ef dc 49-08 15 36 04
45 58 f5 af ..7....I..6.EX..</div>
<div> 0040 - 0c 09 66 36 98 34 6f d0-6d cb 4a 6e
9e 2a 67 d1 ..f6.4o.m.Jn.*g.</div>
<div> 0050 - b2 84 a1 f2 ff 6f 7a 89-6f 92 5f ca
8b 6a 96 d1 .....oz.o._..j..</div>
<div> 0060 - 7a 18 f4 b8 50 8e 31 d1-d0 9f 52 d0
01 43 ba eb z...P.1...R..C..</div>
<div> 0070 - 6b 89 bb 9e 7c 60 dd 16-ce 2e 14 c4
44 ca 32 74 k...|`......D.2t</div>
<div> 0080 - da 66 fc 17 ac a3 04 29-3d f6 b8 39
c4 c2 48 81 .f.....)=..9..H.</div>
<div> 0090 - 75 a1 2e 93 bc 2d 23 c5-5d 35 1b 88
1e 75 97 ee u....-#.]5...u..</div>
<div><br>
</div>
<div> Start Time: 1546611916</div>
<div> Timeout : 300 (sec)</div>
<div> Verify return code: 18 (self signed
certificate)</div>
<div>---</div>
<div><a class="moz-txt-link-freetext" href="read:errno=0">read:errno=0</a></div>
<div><br>
</div>
<div><br>
</div>
><><br>
nathan stratton</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_________________________________________________________________________
Professional FreeSWITCH Services
<a class="moz-txt-link-abbreviated" href="mailto:sales@freeswitch.com">sales@freeswitch.com</a>
<a class="moz-txt-link-freetext" href="https://freeswitch.com">https://freeswitch.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="https://freeswitch.com/oss">https://freeswitch.com/oss</a>
<a class="moz-txt-link-freetext" href="https://freeswitch.org/confluence">https://freeswitch.org/confluence</a>
<a class="moz-txt-link-freetext" href="https://cluecon.com">https://cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="https://freeswitch.com">https://freeswitch.com</a></pre>
</blockquote>
<br>
</body>
</html>