[Freeswitch-users] Using TLS certificate with intermediate CA

Stefan gidoramothra at gmail.com
Wed Mar 24 16:29:30 UTC 2021


Hello, I also got certs from Let's Encrypt, and use a little script to make
freeswitch and the clients (polyphone, linphone, verto communicator)
happy. Just copy the contents of /etc/letsencrypt/live/your.host.name
to /etc/freeswitch/tls (or wherever your installation stores the certs)
and then do the following:

cat fullchain.pem privkey.pem > all.pem
ln -s all.pem tls.pem
ln -s all.pem agent.pem
ln -s all.pem wss.pem
ln -s all.pem dtls-srtp.pem

For me it works without even providing the real root CA cert, but if you
want that too, download it from Let's Encrypt like so:

wget -O ca.pem https://letsencrypt.org/certs/trustid-x3-root.pem.txt
cat chain.pem ca.pem > cafile.pem

Hope that works for you too. Polycoms need at least UCS v4.0.15 to
accept the Let's Encrypt certs (as far as I have tested it).

__
s.


On Wed, Mar 24, 2021 at 11:40:30AM +0100, Thilo-Alexander Ginkel wrote:
> Hello everyone,
> 
> I am currently struggling to get FreeSWITCH
> (1.10.5-release-17-25569c1631~64bit) to send the intermediate CA
> certificate for a Let's Encrypt X.509 certificate to be used for
> protecting SIPS traffic.
> 
> I included the certificate chain in agent.pem:
> 
> -- 8< --
> -----BEGIN EC PARAMETERS-----
> *REDACTED*
> -----END EC PARAMETERS-----
> -----BEGIN EC PRIVATE KEY-----
> *REDACTED*
> -----END EC PRIVATE KEY-----
> -----BEGIN CERTIFICATE-----
> *SERVER CERT*
> -----END CERTIFICATE-----
> 
> -----BEGIN CERTIFICATE-----
> *INTERMEDIATE CERT*
> -----END CERTIFICATE-----
> -- 8< --
> 
> Still, clients are complaining about an invalid CA and openssl s_client
> hints at only the server cert being sent in the server hello.
> 
> What did I miss?
> 
> Thanks,
> Thilo
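
A structural check for the bundle built in the reply above, as an added example that is not part of the original posts: it confirms that every name linked to all.pem resolves to a file holding at least two certificates and exactly one private key, and that the file is not accessible beyond its owner, since all.pem contains privkey.pem. The function names (check_bundle, check_tls_dir, make_sample) are hypothetical and the PEM bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original posts). Structural checks only: it
# counts PEM blocks and inspects file modes; it does not validate the chain.

# Print one finding per line for a bundle file; print nothing if it passes.
check_bundle() {
    f=$1
    [ -r "$f" ] || { echo "missing or unreadable"; return 0; }
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c -e '^-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    [ "$certs" -ge 2 ] || echo "only $certs certificate(s): no intermediate in bundle"
    [ "$keys" -eq 1 ] || echo "expected 1 private key, found $keys"
    # ls -L follows the symlink; characters 5-10 are the group/other bits.
    mode=$(ls -lL "$f" | cut -c5-10)
    [ "$mode" = "------" ] || echo "key material accessible beyond owner ($mode)"
}

# Check every file name the reply links to all.pem inside directory $1.
check_tls_dir() {
    for name in tls.pem agent.pem wss.pem dtls-srtp.pem; do
        check_bundle "$1/$name" | sed "s|^|$name: |"
    done
}

# Constructed sample: placeholder PEM bodies, assembled with the reply's commands.
make_sample() (
    d=$(mktemp -d) && cd "$d" || exit 1
    pem() { printf '%s\n' "-----BEGIN $1-----" PLACEHOLDER "-----END $1-----"; }
    { pem CERTIFICATE; pem CERTIFICATE; } > fullchain.pem
    pem 'PRIVATE KEY' > privkey.pem
    ( umask 022; cat fullchain.pem privkey.pem > all.pem )
    for l in tls.pem agent.pem wss.pem dtls-srtp.pem; do ln -s all.pem "$l"; done
    echo "$d"
)

dir=$(make_sample)
check_tls_dir "$dir"      # umask 022: flags the file mode under all four names
chmod 600 "$dir/all.pem"
check_tls_dir "$dir"      # no output once the bundle is owner-only
rm -rf "$dir"
```

If FreeSWITCH runs as a dedicated user, all.pem has to be owned by that user for mode 600 to remain readable by the service.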
