[Freeswitch-users] WSS certs

Nathan Stratton nathan at robotics.net
Fri Jan 4 14:46:20 UTC 2019


I created my wss.pem from my .crt, .key and .ca-bundle from my wildcard cert
from COMODO. I have my internal.xml file configured to use wss on 443, and
in vars.xml I point ca_certs to /etc/freeswitch/certs, where my wss.pem file
lives, owned by freeswitch:daemon.

However, when I try to test it, I get back the default self-signed cert,
not my cert from wss.pem.


nathan at marge cert $ openssl s_client -connect as1-east.illumy1.com:443
CONNECTED(00000003)
depth=0 C = US, CN = FreeSWITCH
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, CN = FreeSWITCH
verify return:1
---
Certificate chain
 0 s:/C=US/CN=FreeSWITCH
   i:/C=US/CN=FreeSWITCH
---
Server certificate
subject=/C=US/CN=FreeSWITCH
issuer=/C=US/CN=FreeSWITCH
---
No client certificate CA names sent
---
SSL handshake has read 1527 bytes and written 863 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: 99DD9750EDDD173E6E41606FB834F0F5AA4B27AA0CCF8284F8D87F47E607D9A9
    Session-ID-ctx:
    Master-Key: D1F6C0AD00EB7151098BF0DD68670DE9D4631ACED00CE97EAD684B2670BDE283D34FC85CF7D6CED82FB79C68A150988A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1546611916
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
read:errno=0


><>
nathan stratton
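
An added example, not part of the original post: a shell check that inventories a combined PEM file like the wss.pem described above, confirms its private key belongs to its leaf certificate, and compares that leaf with what the server actually presents (the comparison the openssl s_client test makes by eye). The function names and the script file name are this example's own, and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.

# SHA-256 fingerprint of the first (leaf) certificate in PEM file $1.
leaf_fp() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Number of CERTIFICATE blocks (leaf plus chain) in PEM file $1.
cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# True when the private key in $1 belongs to the leaf certificate in $1.
key_matches_cert() {
    cert_pub=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$1" |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when PEM files $1 and $2 start with the same certificate.
same_leaf() {
    a=$(leaf_fp "$1"); b=$(leaf_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Save the certificate that host:port ($1) presents into file $2.
fetch_served() {
    openssl s_client -connect "$1" -servername "${1%:*}" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$2"
}

# Usage: sh check_wss.sh /path/to/wss.pem host:port   (hypothetical file name)
if [ "$#" -eq 2 ]; then
    served=$(mktemp) || exit 2
    fetch_served "$2" "$served" || { rm -f "$served"; exit 2; }
    echo "certificates in $1: $(cert_count "$1")"
    if key_matches_cert "$1"; then echo "private key matches leaf"
    else echo "private key does NOT match leaf"; fi
    if same_leaf "$1" "$served"; then echo "server presents the leaf from $1"
    else echo "server presents a different certificate:"
         openssl x509 -in "$served" -noout -subject -issuer; fi
    rm -f "$served"
fi
```

If the file is internally consistent but the last check reports a different certificate, the listener is serving a certificate from some other file than the one checked.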