Jump to content

install certificate


reco
 Share

Recommended Posts

i also tried to only generate a 512 key

 

openssl req \

-x509 -nodes -days 365 \

-newkey rsa:512 -keyout host.pem -out host.pem

 

i copy the certificate part only and paste it into the certificate text area in the web admin.

after save the log output:

 

[5] 20100407153234: Error reading certificate file: Loading defaults

 

pbx version 3.4.0.3201 (Darwin)

Link to comment
Share on other sites

  • 2 months later...
I read the same article but it didn't work. The server keeps using the default certificate. Could you please explain how you did it?

 

In version 4, things have changed a little bit. The certificate can now be linked to a specific domain (see RFC3546), therefore you can import the certificate as a "global" certificate or a "domain" certificate. The domain name in the certificate must match the name in the PBX; otherwise clients that chech the cert will reject it.

Link to comment
Share on other sites

Guest catalina

I have version 4.0.0.3343. Does the wiki article no longer apply in this case? If so, any idea where I can find the new documentation?

My problem is not that the certificate is not accepted by the client. I am directing my browser to the pbxnsip https page and I can see the certificate details. This is where I see that the default pbxnsip certificate is still used instead of the uploaded one.

Link to comment
Share on other sites

I have version 4.0.0.3343. Does the wiki article no longer apply in this case? If so, any idea where I can find the new documentation?

My problem is not that the certificate is not accepted by the client. I am directing my browser to the pbxnsip https page and I can see the certificate details. This is where I see that the default pbxnsip certificate is still used instead of the uploaded one.

 

4.0.1.3499 is the current stable release, see http://www.pbxnsip.com/download-software/software.php. I believe the version that you are running is not the latest with the certificates.

Link to comment
Share on other sites

Guest catalina

OK, it worked with version 4.0.1.3499. Thanks!

 

In case anybody else would like to know, here is how I generated the keys:

openssl genrsa -rand -des -out key.pem 1024

openssl req -x509 -new -days 365 -key key.pem -out cert.pem

 

Then I used:

- the content of cert.pem as Certificate

- the content of key.pem as Private Key

Link to comment
Share on other sites

  • 4 weeks later...

hmm back to the game :)

 

i am on 4.2.0.3899 (Darwin)

 

how i generate it:

 

$:~/pbx.domain.com $ openssl genrsa -rand -des -out key.pem 512 semi-random bytes loaded

$:~/pbx.domain.com $ openssl req -x509 -new -days 365 -key key.pem -out cert.pem

 

copy paste into admin/certificates

after save still default (with or without default option checked) certificate textareas still empty.

checking with firefox confirms that the default.pbxnsip.com certificate is still loaded.

 

these are the options i entered.

 

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [some-State]:NY

Locality Name (eg, city) []:NY

Organization Name (eg, company) [internet Widgits Pty Ltd]:pbx.domain.com

Organizational Unit Name (eg, section) []:pbx.domain.com

Common Name (eg, YOUR name) []:pbx.domain.com

Email Address []:mail@pbx.domain.com

 

the logfile does not mention anything.

Link to comment
Share on other sites

hi there,

 

it actually does work. the problem the ui does not say a singe thing about it.

 

 

how i generate it:

 

$ openssl genrsa -rand -rsa -out key.pem 1024 semi-random bytes loaded

$ openssl req -x509 -new -days 1095 -key key.pem -out cert.pem

 

- be sure to use rsa

- Common Name (eg, YOUR name) has to match the FQDN of the pbx

 

put both key and cert into textarea

save

 

if the log file days nothing it usually works :) i put in a ticket to give some visual feedback.

 

reco

Link to comment
Share on other sites

there is no certificates in my pbx working folder.

[/quote

 

Thats not good. Something must have gone wrong with the import then. Are you using this format that starts with the --BEGIN stuff? There are many formats for certificates (and their associated private keys). If the PBX should serve the certificate, it of course also needs to have the associated private key.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...