[Freeswitch-users] TLS error?

Brian West brian at freeswitch.org
Fri Dec 27 21:53:52 MSK 2013


Please file a JIRA.

--
Brian West
brian at freeswitch.org
FreeSWITCH Solutions, LLC
PO BOX 2531
Brookfield, WI 53008-2531
Twitter: @FreeSWITCH , @briankwest
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

T: +1.918.420.9001  |  F: +1.918.420.9002  |  M: +1.918.424.WEST
iNUM: +883 5100 1420 9001
ISN: 410*543
Skype:briankwest
PGP Key: http://www.bkw.org/key.txt (AB93356707C76CED)













On Dec 26, 2013, at 1:19 AM, Abdullah <abdullah at smonte.com> wrote:

> hi ,all 
> 
> 
> Please use the certificate script below as your gencert-tls file; hopefully
> the TLS connection will then be established successfully.
> 
> iffi
> 
> :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
> 
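#!/bin/sh

# Directory that receives the CA material (under CA/) and the issued
# certificate bundles.
CONFDIR=/usr/local/freeswitch/conf/ssl
# Validity in days for the CA and for issued certificates; -days overrides it.
DAYS=2190
# RSA modulus size in bits. 1024-bit RSA no longer offers an adequate security
# margin, so the default is 2048.
KEY_SIZE=2048
# Exported because the generated config.tpl reads it as $ENV::KEY_SIZE.
export KEY_SIZE=${KEY_SIZE}

# Unencrypted private keys are staged under the TMPFILE prefix. Keep that
# prefix inside a directory created by mktemp (owner-only, unpredictable name)
# instead of a guessable path directly in /tmp, and remove it on exit.
FS_CA_TMPDIR=$(mktemp -d "${TMPDIR:-/tmp}/fs-ca.XXXXXX") || exit 1
trap 'rm -rf -- "${FS_CA_TMPDIR}"' EXIT
trap 'exit 1' HUP INT TERM
TMPFILE="${FS_CA_TMPDIR}/fs-ca"

COMMON_NAME="FreesSWITCH CA"
ALT_NAME="DNS:test.freeswitch.org"
ORG_NAME="FreeSWITCH"
OUTFILE="agent.pem"

# Files created from here on are owner read/write, group read, no access for
# others.
# NOTE(review): group read also covers the private key files this script
# writes; confirm the owning group contains only the service account.
umask 037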
> 
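# Report whether a complete CA is present under ${CONFDIR}/CA.
# Globals: CONFDIR (read)
# Returns: 0 when cacert.pem, cakey.pem and config.tpl all exist, 1 as soon as
#          one of them is missing.
check_ca() {
	# Keep the loop variable local so a caller's own "x" is not clobbered.
	local x

	for x in cacert.pem cakey.pem config.tpl; do
		[ -e "${CONFDIR}/CA/${x}" ] || return 1
	done

	return 0
}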
> 
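# Create a new self-signed CA under ${CONFDIR}/CA and copy its certificate to
# ${CONFDIR}/cafile.pem.
# Globals: CONFDIR, TMPFILE, COMMON_NAME, ORG_NAME, DAYS (read)
# Exits 1 when a CA already exists or when any step fails.
setup_ca() {
	local cn_esc org_esc

	if check_ca; then
		echo "Existing CA found in \"${CONFDIR}/CA\""
		echo "(Use \"gentls_cert remove\" to delete)"
		exit 1
	fi

	echo "Creating new CA..."

	if [ ! -d "${CONFDIR}/CA" ]; then
		mkdir -p -m 750 "${CONFDIR}/CA" || exit 1
	fi

	if [ -e "${CONFDIR}/CA/config.tpl" ]; then
		# An existing template is kept; only warn when this script is newer.
		if [ "$0" -nt "${CONFDIR}/CA/config.tpl" ]; then
			echo "WARNING! gentls_cert has a modified time more recent than ${CONFDIR}/CA/config.tpl remove config.tpl to re-generate it"
		fi
	else
		# \$ENV::KEY_SIZE stays literal in the file; openssl resolves it
		# from the environment when it reads the config.
		cat > "${CONFDIR}/CA/config.tpl" <<-EOF
			[ req ]
			default_bits            = \$ENV::KEY_SIZE
			prompt                  = no
			distinguished_name      = req_dn

			[ req_dn ]
			commonName              = %CN%
			organizationName	= %ORG%

			[ server ]
			nsComment="FS Server Cert"
			basicConstraints=CA:FALSE
			subjectKeyIdentifier=hash
			authorityKeyIdentifier=keyid,issuer:always
			subjectAltName=%ALTNAME%
			nsCertType=server
			extendedKeyUsage=serverAuth

			[ client ]
			nsComment="FS Client Cert"
			basicConstraints=CA:FALSE
			subjectKeyIdentifier=hash
			authorityKeyIdentifier=keyid,issuer:always
			subjectAltName=%ALTNAME%
			nsCertType=client
			extendedKeyUsage=clientAuth
		EOF
	fi

	# COMMON_NAME and ORG_NAME can come from the command line. Escape the
	# characters that are special in a sed replacement (backslash, "&" and
	# the "|" delimiter) so a value cannot break or alter the substitution.
	cn_esc=$(printf '%s' "${COMMON_NAME}" | sed -e 's/[\\&|]/\\&/g') || exit 1
	org_esc=$(printf '%s' "${ORG_NAME}" | sed -e 's/[\\&|]/\\&/g') || exit 1

	# NOTE(review): the template's [ req ] section names no x509_extensions,
	# so it is not evident from this script that the CA:TRUE substitution
	# reaches the self-signed certificate; check the result with
	# "openssl x509 -text".
	sed \
		-e "s|%CN%|${cn_esc}|" \
		-e "s|%ORG%|${org_esc}|" \
		-e "/%ALTNAME%/d" \
		-e "s|CA:FALSE|CA:TRUE|" \
		"${CONFDIR}/CA/config.tpl" \
			> "${TMPFILE}.cfg" || exit 1

	# -nodes leaves cakey.pem unencrypted on disk; its protection is the
	# file mode and the 750 directory only. SHA-256 replaces SHA-1, which
	# is no longer acceptable for certificate signatures.
	openssl req -out "${CONFDIR}/CA/cacert.pem" \
		-new -x509 -keyout "${CONFDIR}/CA/cakey.pem" \
		-config "${TMPFILE}.cfg" -nodes -days "${DAYS}" -sha256 >/dev/null \
		|| { rm -f -- "${TMPFILE}.cfg"; exit 1; }
	cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
	rm -f -- "${TMPFILE}.cfg"

	echo "DONE"
}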
> 
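# Remove the staged config, request, certificate and unencrypted key.
_gencert_cleanup() {
	rm -f -- "${TMPFILE}.cfg" "${TMPFILE}.crt" "${TMPFILE}.key" "${TMPFILE}.req"
}

# Issue a certificate signed by the CA in ${CONFDIR}/CA and write the
# certificate followed by its private key to ${CONFDIR}/${OUTFILE}.
# Globals: CONFDIR, TMPFILE, COMMON_NAME, ALT_NAME, ORG_NAME, OUTFILE,
#          KEY_SIZE, DAYS, EXTENSIONS (read)
# Returns: 2 when the operator declines the prompt.
# Exits 1 when no CA exists or when any step fails.
generate_cert() {
	local val=""
	local cn_esc alt_esc org_esc

	if ! check_ca; then
		echo "No existing CA found, please create one with \"gentls_cert setup\" first"
		exit 1
	fi

	echo "Generating new certificate..."

	echo
	echo "--------------------------------------------------------"
	echo "CN: \"${COMMON_NAME}\""
	echo "ORG_NAME: \"${ORG_NAME}\""
	echo "ALT_NAME: \"${ALT_NAME}\""
	echo
	echo "Certificate filename \"${OUTFILE}\""
	echo
	echo "[Is this OK? (y/N)]"
	read -r val
	if [ "${val}" != "y" ] && [ "${val}" != "Y" ]; then
		echo "Aborted"
		return 2
	fi

	# The names can come from the command line. Escape the characters that
	# are special in a sed replacement (backslash, "&" and the "|"
	# delimiter) so a value cannot break or alter the substitution.
	cn_esc=$(printf '%s' "${COMMON_NAME}" | sed -e 's/[\\&|]/\\&/g') || exit 1
	alt_esc=$(printf '%s' "${ALT_NAME}" | sed -e 's/[\\&|]/\\&/g') || exit 1
	org_esc=$(printf '%s' "${ORG_NAME}" | sed -e 's/[\\&|]/\\&/g') || exit 1

	sed \
		-e "s|%CN%|${cn_esc}|" \
		-e "s|%ALTNAME%|${alt_esc}|" \
		-e "s|%ORG%|${org_esc}|" \
		"${CONFDIR}/CA/config.tpl" \
			> "${TMPFILE}.cfg" || { _gencert_cleanup; exit 1; }

	# -nodes writes the new key unencrypted to ${TMPFILE}.key, so TMPFILE
	# must point into a directory other users cannot read or pre-create.
	# Every failure path removes the staged files so the key is not left
	# behind.
	openssl req -new -out "${TMPFILE}.req" \
		-newkey "rsa:${KEY_SIZE}" -keyout "${TMPFILE}.key" \
		-config "${TMPFILE}.cfg" -nodes -sha256 >/dev/null \
		|| { _gencert_cleanup; exit 1; }

	# One command: -CA and its argument must stay on the same logical line.
	# SHA-256 replaces SHA-1 for the certificate signature.
	openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" \
		-CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \
		-in "${TMPFILE}.req" -out "${TMPFILE}.crt" -extfile "${TMPFILE}.cfg" \
		-extensions "${EXTENSIONS}" -days "${DAYS}" -sha256 >/dev/null \
		|| { _gencert_cleanup; exit 1; }

	# The bundle holds the private key; its mode follows the current umask.
	cat "${TMPFILE}.crt" "${TMPFILE}.key" > "${CONFDIR}/${OUTFILE}" \
		|| { _gencert_cleanup; exit 1; }

	_gencert_cleanup

	echo "DONE"
}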
> 
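# Delete the CA directory ${CONFDIR}/CA together with the files in it.
# Globals: CONFDIR (read)
# Returns: 0 when the directory is gone or was never there, 1 when it could
#          not be removed.
remove_ca() {
	# ":?" aborts when CONFDIR is empty or unset, so the glob below can
	# never expand against "/CA".
	local ca_dir="${CONFDIR:?CONFDIR is not set}/CA"

	echo "Removing CA"

	if [ -d "${ca_dir}" ]; then
		# -f: in an empty directory the glob stays unexpanded and must not
		# count as an error; "--" guards against names starting with "-".
		rm -f -- "${ca_dir}/"* || return 1
		if ! rmdir "${ca_dir}"; then
			echo "Could not remove \"${ca_dir}\"" >&2
			return 1
		fi
	fi

	echo "DONE"
}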
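# Command-line parsing: the first argument is the command, the rest are
# "-option value" pairs that override the defaults.
# OUTFILESET records whether -out was given explicitly.
OUTFILESET="0"
command="${1:-}"
# A bare "shift" with no arguments left is a fatal error in some /bin/sh
# implementations, which would end the script before usage can be printed.
if [ $# -gt 0 ]; then
	shift
fi

while [ $# -gt 0 ]; do
	# Every recognised option consumes the following argument.
	case "$1" in
		-cn|-alt|-org|-out|-days)
			if [ $# -lt 2 ]; then
				echo "Option $1 requires a value" >&2
				exit 1
			fi
			;;
	esac

	case "$1" in
		-cn)
			shift
			COMMON_NAME="$1"
			;;
		-alt)
			shift
			ALT_NAME="$1"
			;;
		-org)
			shift
			ORG_NAME="$1"
			;;
		-out)
			shift
			OUTFILE="$1"
			OUTFILESET="1"
			;;
		-days)
			shift
			# The value is later handed to openssl as an argument; accept
			# digits only.
			case "$1" in
				''|*[!0-9]*)
					echo "-days expects a whole number of days, got \"$1\"" >&2
					exit 1
					;;
			esac
			DAYS="$1"
			;;
	esac
	shift
done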
> 
> 
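# Dispatch on the command given as the first argument. Anything unrecognised
# prints the usage text and exits 1.
case "${command}" in
	setup)
		setup_ca
		;;

	create|create_server)
		EXTENSIONS="server"
		generate_cert
		;;
	create_client)
		EXTENSIONS="client"
		# Without an explicit -out, client certificates get their own file
		# name instead of the server default.
		if [ "${OUTFILESET}" = "0" ]; then
			OUTFILE="client.pem"
		fi
		generate_cert
		;;

	remove)
		# Removing the CA deletes its private key; require a literal YES.
		echo "Are you sure you want to delete the CA? [YES to delete]"
		read -r val
		if [ "${val}" = "YES" ]; then
			remove_ca
		else
			echo "Not deleting CA"
		fi
		;;

	*)
		cat <<-EOF
		$0 <setup|create_server|create_client|remove> [options]

		  * commands:

		    setup  - Setup new CA
		    remove - Remove CA

		    create        - Same as create_server
		    create_server - Create new certificate (overwriting existing!)
		    create_client - Create a new client certificate (overwrites existing!)

		  * options:

		   -cn       Set common name
		   -alt      Set alternative name (use prefix 'DNS:' or 'URI:')
		   -org      Set organization name
		   -out      Filename for new certificate (create only)
		   -days     Certificate expires in X days (default: 2190)

		EOF
		exit 1
		;;
esac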
> 
> 
> 
> 
