[Freeswitch-users] Freeswitch not loading SSL

Tim Smith gb10hkzo-fs1 at yahoo.co.uk
Sun Aug 24 22:22:51 MSD 2014

I've installed new certs, checked config in vars, restarted freeswitch entirely, and yet it is still using some sort of internal certificates ?? cafile and agent contain my certs and not those referred to in the openssl output ??  Where is freeswitch hiding these useless default certs are they hardcoded in the source or something silly ?

FreeSWITCH Version 1.4.8+git~20140821T185758Z~1fe89f530f~64bit (git 1fe89f5 2014-08-21 18:57:58Z 64bit)

/usr/local/freeswitch/conf/ssl# openssl verify -CAfile cafile.pem agent.pem
agent.pem: OK

/usr/local/freeswitch/conf# cat vars.xml | grep ssl
     valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>

$ openssl s_client -showcerts -connect my.server:5061
depth=0 /C=US/CN=FreeSWITCH
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/CN=FreeSWITCH
verify return:1
Certificate chain
 0 s:/C=US/CN=FreeSWITCH
Server certificate
No client certificate CA names sent
SSL handshake has read 615 bytes and written 328 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Key-Arg   : None
    Start Time:
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list