[Freeswitch-users] Help!! FS -TLS interworking issue, How to config to allow "gentls_cert" to generate a root certificate with more longer valid-period ?

Robert Hadley robert.hadley at teotech.com
Mon Jul 30 20:28:36 MSD 2012


Hi Charles,

Try the changes in this attached freeswitch/scripts/gentls_cert.in file.   There were a few typos in the original script.

Regards,
Robert

From: fieldpeak [mailto:fieldpeak at gmail.com]
Sent: Sunday, July 29, 2012 5:57 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] Help!! FS -TLS interworking issue, How to config to allow "gentls_cert" to generate a root certificate with more longer valid-period ?


Could you please help advise more details? how should i do to implement your advise... i have very few knowledge about pki, certificate and tls, thanks a lot! :)

BR,Charles
在 2012-7-30 上午4:57,"curriegrad2004" <curriegrad2004 at gmail.com<mailto:curriegrad2004 at gmail.com>>写道:
You do realize that if your org does have an existing PKI
infrastructure, you can in theory skip all of that. You just need to
know the right values to configure and that's about it. (wink, wink,
nudge, nudge) :)

On Sun, Jul 29, 2012 at 11:23 AM, Mitch Capper <mitch.capper at gmail.com<mailto:mitch.capper at gmail.com>> wrote:
> Try running head from GIT and let us know if you still have a problem.
>
> ~mitch
>
> On Sun, Jul 29, 2012 at 5:25 AM, fieldpeak <fieldpeak at gmail.com<mailto:fieldpeak at gmail.com>> wrote:
>> Hi Masters,
>>
>>
>>
>> I'm testing the TLS on FS to work with softphone.
>>
>>
>>
>> followed the wiki
>> (http://wiki.freeswitch.org/wiki/Tls#EyeBeam.2FBria_Setup),
>>
>>
>>
>> I generated the CA (root) certificate by below command, however, when i
>> install the root certificate on windows, it prompt me that the valid period
>> is for only one month. I tried to change the "DAYS=2190" inside the
>> "gentls_cert" script, but it only effect on server certificate(agent.pem)
>> but not root certificate (cafile.pem), Could anyone please help me,
>> appreciated for your any advise!!
>>
>>
>>
>> ./gentls_cert setup -cn fs.audiocodes.com.cn<http://fs.audiocodes.com.cn> -alt DNS:fs.audiocodes.com.cn<http://fs.audiocodes.com.cn>
>> -org audiocodes.com.cn<http://audiocodes.com.cn>
>>
>>
>>
>> below is from wiki.
>>
>> This will create CA certificate and key along with in conf/ssl/CA
>> directory(cacert.pem, cakey.pem) and certificate in the conf/ssl
>> folder(cafile.pem).
>>
>>  [ Note: The name given for -cn and -alt should be the same as the DNS name
>> of your freeswitch installation and used as the registrar name on the phone
>> (at least on Polycoms). ] You can change the "DAYS=2190" line in the
>> gentls_cert file to make the certificate valid for longer time. However
>> making it too long has some wrap around problem, it appears.
>>
>>
>> To short, I want to change the valid period longer for the cafile.pem ,
>> thanks!!
>>
>>
>> --
>> Regards,
>> Charles
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120730/4afcfada/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gentls_cert.in
Type: application/octet-stream
Size: 4785 bytes
Desc: gentls_cert.in
Url : http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120730/4afcfada/attachment-0001.obj 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list