[Freeswitch-users] tls with letsencrypt

ITwrx.org info at itwrx.org
Fri Jan 6 01:53:11 MSK 2017


i just copied the pem formatted cert that certbot generated to
/etc/freeswitch/tls and named it tls.pem. it's freeswitch:freeswitch 660
for perms. freeswitch seems capable of reading it, as the tls enabled
profile starts up. i only get an error in fs_cli when the csipsimple
client tries to connect using tls.

thanks

On 01/05/2017 04:36 PM, Brian West wrote:
> How did you format the cert? and in what files did you put them in?
> and are your permissions correct on those files?
>
> On Thu, Jan 5, 2017 at 2:55 PM, ITwrx.org <info at itwrx.org
> <mailto:info at itwrx.org>> wrote:
>
>     hi,
>
>     i'm trying to use a letsencrypt generated cert with freeswitch but am
>     not sure how to proceed. I've read the old and new wiki posts
>     concerning
>     tls but they don't seem to cover my exact scenario. It seems to me
>     that
>     freeswitch is looking into the configured "tls-cert-dir" for the
>     hardcoded filename tls.pem and is expecting that a self generated
>     ca has
>     signed it. i have placed the fullchain.pem in that directory
>     (generated
>     with certbot) and have renamed it tls.pem but i guess it's not finding
>     the CA sig it expects(?) as i'm getting:
>
>     tport_tls.c:1044 tls_connect() tls_connect(0x373c000e8d0): TLS setup
>     failed (error:00000005:lib(0):func(0):DH lib)
>
>     when trying to connect with csipsimple from phone. I would like to
>     avoid
>     generating client certs signed by a custom CA where users have to copy
>     the client cert and ca cert to their device as it adds complexity and
>     problems. Is there a workaround or suggested method for using a
>     letsencrypt cert with freeswitch so that clients like csipsimple can
>     just validate against their built-in CA store?
>
>     thanks in advance,
>     ITwrx
>
>     --
>     Information Technology Works
>     https://ITwrx.org
>     @ITwrxorg
>
>
>     _________________________________________________________________________
>     Professional FreeSWITCH Consulting Services:
>     consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>     http://www.freeswitchsolutions.com
>     <http://www.freeswitchsolutions.com>
>
>     Official FreeSWITCH Sites
>     http://www.freeswitch.org
>     http://confluence.freeswitch.org <http://confluence.freeswitch.org>
>     http://www.cluecon.com
>
>     FreeSWITCH-users mailing list
>     FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org>
>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>     <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>     <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>     http://www.freeswitch.org
>
>
>
>
> -- 
>
> */Brian West/*
> brian at freeswitch.org <mailto:brian at freeswitch.org>
>
>
> */Twitter: @FreeSWITCH , @briankwest/*
> http://www.freeswitchbook.com 
> http://www.freeswitchcookbook.com
> https://www.gofundme.com/freeswitch_ubuntu
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! |
> Reddit: /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *Skype:*briankwest
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org


-- 
Information Technology Works
https://ITwrx.org
@ITwrxorg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170105/9b0e1f90/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list