[Freeswitch-users] enabling tls cause sip_profile error

Robert Hadley robert.hadley at teotech.com
Fri Nov 8 19:56:41 MSK 2013 

Hi Assaf,

I don't know offhand what files are required or what types of certs are supported.  One suggestion would be to follow FS instructions to create self-signed cert files and see if the profile works in SSL mode first (it does for me), then figure out what is necessary to use your cert.  You probably need all of the *.pem files.

What version of OS are you using?

In the 1.2.14 stable branch, there was a change made to the freeswitch/scripts/gentls_cert.in file that uses "openssl ecparam" command that is not available in OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 for CentOS 5.7.  I have to use an earlier revision of the script.


Regards,
Robert


-----Original Message-----
From: Assaf Dahary [mailto:adahary at gmail.com] 
Sent: Thursday, November 07, 2013 12:34 PM
To: 'FreeSWITCH Users Help'
Subject: Re: [Freeswitch-users] enabling tls cause sip_profile error

Robert,

I'm using certs from StartSSL - not self generated by fs tools.
The certs from startssl works file with apache/https so I assume they should work fine conf/ssl.

I'm not yet testing my sip client with fs tls.

I'm still not able to reload FS with tls config and have the tls port up and open for sip/tls requests from my client.

Should I must have all files list that you specified in order to bring up the tls port?

Assaf


-----Original Message-----
From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Robert Hadley
Sent: Thursday, November 07, 2013 9:38 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] enabling tls cause sip_profile error

Hi assaf,

Did you follow the instructions to create your server's CA cert:
http://wiki.freeswitch.org/wiki/SIP_TLS#Step_1_-_Generate_the_CA_.28Root.29_
Certificate
Note that you have insert your server's FQDN in the script command, replacing the " pbx.freeswitch.org".

Verify there is an "ssl" folder in the freeswitch install conf folder.
in freeswitch/conf/ssl/
                                    +--> agent.pem  CA  cafile.pem
                                                                    +--> config.tpl  cakey.pem  cacert.srl  cacert.pem

Regards,
Robert

-----Original Message-----
From: adahary [mailto:adahary at gmail.com]
Sent: Thursday, November 07, 2013 6:12 AM
To: freeswitch-users at lists.freeswitch.org
Subject: [Freeswitch-users] enabling tls cause sip_profile error

I have enabled tls/ssl in vars.xml and restarted freeswitch.
when reloading mod_sofia all profiles got into errors.

I have read that openssl-devel should be install before compiling FS.

I did that before building FS without adding anything special for the ssl on the ./configure command (like  --enable-zrtp).

I'm about to repeat the build procedure but before that I would like to ask if there is something elese to be done beside installing openssl-devel
(done) and # ./configure.

regards

assaf





--
View this message in context:
http://freeswitch-users.2379917.n2.nabble.com/enabling-tls-cause-sip-profile
-error-tp7595981.html
Sent from the freeswitch-users mailing list archive at Nabble.com.



_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

 

Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2014.0.4158 / Virus Database: 3629/6814 - Release Date: 11/06/13

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list