[Freeswitch-users] WSS certs

Nathan Stratton nathan at robotics.net
Tue Jan 8 14:11:19 UTC 2019


In case anyone else runs into this, you need:

<param name="tls-cert-dir" value="/etc/freeswitch/certs"/>

I thought it was just for tls, but it's also used to point to wss.pem.

><>
nathan stratton


On Fri, Jan 4, 2019 at 9:46 AM Nathan Stratton <nathan at robotics.net> wrote:

> I created my wss.pem from my .crt .key and .ca-bundle from my wildcard
> cert from COMODO. I have my internal.xml file configured to use wss on 443,
> and in vars.xml I point ca_certs to /etc/freeswitch/certs where my
> wss.pem file lives owned by freeswitch:daemon.
>
> However, when I try to test it, I get back the default self signed cert,
> not my cert from wss.pem.
>
>
> nathan at marge cert $ openssl s_client -connect as1-east.illumy1.com:443
> CONNECTED(00000003)
> depth=0 C = US, CN = FreeSWITCH
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 C = US, CN = FreeSWITCH
> verify return:1
> ---
> Certificate chain
>  0 s:/C=US/CN=FreeSWITCH
>    i:/C=US/CN=FreeSWITCH
> ---
> Server certificate
> subject=/C=US/CN=FreeSWITCH
> issuer=/C=US/CN=FreeSWITCH
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1527 bytes and written 863 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
> Server public key is 4096 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : AES256-GCM-SHA384
>     Session-ID: 99DD9750EDDD173E6E41606FB834F0F5AA4B27AA0CCF8284F8D87F47E607D9A9
>     Session-ID-ctx:
>     Master-Key: D1F6C0AD00EB7151098BF0DD68670DE9D4631ACED00CE97EAD684B2670BDE283D34FC85CF7D6CED82FB79C68A150988A
>     Key-Arg   : None
>     Krb5 Principal: None
>     PSK identity: None
>     PSK identity hint: None
>     TLS session ticket lifetime hint: 300 (seconds)
>
>     Start Time: 1546611916
>     Timeout   : 300 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
> read:errno=0
>
>
> ><>
> nathan stratton
>
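
An added example, not part of the original post and not FreeSWITCH code: a Python audit of the condition described in the reply above, checking that a Sofia profile sets `tls-cert-dir` and that the directory holds a `wss.pem` containing both a certificate and a private key. The function name, the sample profile XML, and the placeholder PEM bodies are constructed for illustration.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def audit_wss_config(profile_xml, cert_name="wss.pem"):
    """Return a list of findings; empty means wss.pem is where the profile looks."""
    root = ET.fromstring(profile_xml)
    dirs = [p.get("value", "") for p in root.iter("param")
            if p.get("name") == "tls-cert-dir"]
    if not dirs:
        return ["tls-cert-dir is not set in this profile"]
    findings = []
    for cert_dir in dirs:
        if "$" in cert_dir:  # a config variable this script cannot expand
            findings.append(f"tls-cert-dir is an unexpanded variable: {cert_dir}")
            continue
        path = os.path.join(cert_dir, cert_name)
        if not os.path.isfile(path):
            findings.append(f"{path} does not exist")
            continue
        with open(path, encoding="ascii", errors="replace") as fh:
            labels = PEM_LABEL.findall(fh.read())
        if "CERTIFICATE" not in labels:
            findings.append(f"{path} has no CERTIFICATE block")
        if not any(label.endswith("PRIVATE KEY") for label in labels):
            findings.append(f"{path} has no PRIVATE KEY block")
        if os.stat(path).st_mode & 0o004:
            findings.append(f"{path} holds a private key but is world-readable")
    return findings

def make_sample_dir():
    """Constructed sample: a temp cert dir whose wss.pem has placeholder PEM bodies."""
    cert_dir = tempfile.mkdtemp()
    path = os.path.join(cert_dir, "wss.pem")
    with open(path, "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
                 "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
    os.chmod(path, 0o600)
    return cert_dir

if __name__ == "__main__":
    sample = make_sample_dir()
    ok = f'<profile><settings><param name="tls-cert-dir" value="{sample}"/></settings></profile>'
    missing = '<profile><settings><param name="wss-binding" value=":443"/></settings></profile>'
    print(audit_wss_config(ok))       # constructed profile with tls-cert-dir set
    print(audit_wss_config(missing))  # constructed profile without tls-cert-dir
```

The script only checks what is on disk; comparing the served certificate against `wss.pem` still needs a live `openssl s_client` check like the one quoted above.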