<div dir="ltr">Thanks Nathan.<br><div><br></div><div>I am using FS 1.8.5. I used server cert (with chain) and private key in agent.pem and root CA certs in cacert.pem and cafile.pem.</div><div>Is root CA not needed here? I have configured the root CA cert @ the SIP B2BUA I am using.</div><div>I am new to TLS so please bear with me if these are basic questions.</div><div><br></div><div>Thanks</div><div>Ramesh</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 23, 2020 at 6:43 AM Nathan Stratton <<a href="mailto:nathan@robotics.net">nathan@robotics.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Sure, I am using a 3rd party cert from Comodo. I just did the following:<div><br></div><div>cat {privatekey} > tls.pem</div><div>cat {cert} >> tls.pem</div><div>cat {chain} >> tls.pem</div><div><br></div><div>Make sure that in your sip_profiles that use TLS that you have tls-cert-dir pointing to your tls.pem directory.</div><div><br></div><div>BTW, the same works for wss.pem<br clear="all"><div><div dir="ltr"><div dir="ltr"><div><br>><><br>nathan stratton</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jun 22, 2020 at 10:56 PM ramelcom <<a href="mailto:ramelcom@gmail.com" target="_blank">ramelcom@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
I am trying to set up TLS in FreeSWITCH. In my use case, FS acts as a server<br>
and another SIP B2BUA acts as the client. I was able to successfully set up<br>
the TLS if I generate the certificates at FS and configure with those.<br>
However, if I want to use a server certificate generated and signed by a 3rd<br>
party, it doesn't work. I added server certificate as agent.pem and root CA<br>
as cacert.pem and cafile.pem. Also, I am configuring the root CA at SIP<br>
B2BUA side. When SIP B2BUA sends Client Hello, FS rejects with 'Handshake<br>
failed' error. <br>
Can you please help on this?<br>
<br>
Thanks<br>
Ramesh<br>
<br>
<br>
<br>
--<br>
Sent from: <a href="http://freeswitch-users.2379917.n2.nabble.com/" rel="noreferrer" target="_blank">http://freeswitch-users.2379917.n2.nabble.com/</a><br>
<br>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>
</blockquote></div>
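<div dir="ltr">Added example, not part of the original thread: a pre-flight check for a combined tls.pem built in the order given above (private key, server cert, chain), covering the usual causes of a failed handshake with a third-party certificate. It assumes the openssl CLI is installed; the function names check_tls_pem and demo and the return codes are hypothetical.</div>

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check a combined tls.pem built as
#   cat key > tls.pem; cat cert >> tls.pem; cat chain >> tls.pem
# check_tls_pem, demo and the return codes are hypothetical names.

check_tls_pem() {
    local pem="$1" keys certs key_pub cert_pub
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Exactly one private key and at least one certificate must be present.
    keys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; return 3; }
    [ "$certs" -ge 1 ] || { echo "no certificate in $pem" >&2; return 4; }

    # The FIRST certificate must be the server (leaf) cert: its public key
    # has to equal the public key derived from the private key.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$pem" -pubkey -noout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "private key does not match the first certificate" >&2
        return 5
    fi

    # Reject a leaf certificate that has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "first certificate has expired" >&2; return 6; }

    [ "$certs" -gt 1 ] || echo "note: no intermediate chain appended" >&2
    echo "ok: 1 key, $certs certificate(s), key matches leaf"
}

# Constructed sample: a throwaway self-signed pair, bundled key-first.
demo() {
    local d; d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=fs.example.test" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    cat "$d/key.pem" "$d/cert.pem" > "$d/tls.pem"
    check_tls_pem "$d/tls.pem"; local rc=$?
    rm -rf "$d"; return $rc
}

if [ "$#" -gt 0 ]; then check_tls_pem "$1"; fi
```

<div dir="ltr">Run it as a script with the path to tls.pem (or agent.pem) as the only argument; return code 5 most often means the chain was concatenated ahead of the server certificate or the key belongs to a different CSR.</div>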