install certificate

[reco]

i am trying to install a 1024bit certificate but all i get in the log is:

 

[5] 20100407143823: Error reading certificate file: Loading defaults

 

this is how i created my csr

 

openssl req -new -nodes -keyout host.key -out host.csr

[reco]

i also tried to only generate a 512 key

 

openssl req \

-x509 -nodes -days 365 \

-newkey rsa:512 -keyout host.pem -out host.pem

 

i copy the certificate part only and paste it into the certificate text area in the web admin.

after save the log output:

 

[5] 20100407153234: Error reading certificate file: Loading defaults

 

pbx version 3.4.0.3201 (Darwin)

[reco]

i got this to work thanx to the old good wiki

 

http://support.pbxnsip.com/index.php/Loadi...f_a_Certificate

[Vodia PBX]

i got this to work thanx to the old good wiki

 

http://support.pbxnsip.com/index.php/Loadi...f_a_Certificate

 

Unfortunately, certificates are very complicated... Yea, the good old Wiki! I still don't understand why we had to turn it off.

[Guest catalina]

Hi

 

I read the same article but it didn't work. The server keeps using the default certificate. Could you please explain how you did it?

 

Thanks

 

i got this to work thanx to the old good wiki

 

http://support.pbxnsip.com/index.php/Loadi...f_a_Certificate

[Vodia PBX]

I read the same article but it didn't work. The server keeps using the default certificate. Could you please explain how you did it?

 

In version 4, things have changed a little bit. The certificate can now be linked to a specific domain (see RFC3546), therefore you can import the certificate as a "global" certificate or a "domain" certificate. The domain name in the certificate must match the name in the PBX; otherwise clients that chech the cert will reject it.

[Guest catalina]

I have version 4.0.0.3343. Does the wiki article no longer apply in this case? If so, any idea where I can find the new documentation?

My problem is not that the certificate is not accepted by the client. I am directing my browser to the pbxnsip https page and I can see the certificate details. This is where I see that the default pbxnsip certificate is still used instead of the uploaded one.

[Vodia PBX]

I have version 4.0.0.3343. Does the wiki article no longer apply in this case? If so, any idea where I can find the new documentation?

My problem is not that the certificate is not accepted by the client. I am directing my browser to the pbxnsip https page and I can see the certificate details. This is where I see that the default pbxnsip certificate is still used instead of the uploaded one.

 

4.0.1.3499 is the current stable release, see http://www.pbxnsip.com/download-software/software.php. I believe the version that you are running is not the latest with the certificates.

[Guest catalina]

OK, it worked with version 4.0.1.3499. Thanks!

 

In case anybody else would like to know, here is how I generated the keys:

openssl genrsa -rand -des -out key.pem 1024

openssl req -x509 -new -days 365 -key key.pem -out cert.pem

 

Then I used:

- the content of cert.pem as Certificate

- the content of key.pem as Private Key

[reco]

hmm back to the game

 

i am on 4.2.0.3899 (Darwin)

 

how i generate it:

 

$:~/pbx.domain.com $ openssl genrsa -rand -des -out key.pem 512 semi-random bytes loaded

$:~/pbx.domain.com $ openssl req -x509 -new -days 365 -key key.pem -out cert.pem

 

copy paste into admin/certificates

after save still default (with or without default option checked) certificate textareas still empty.

checking with firefox confirms that the default.pbxnsip.com certificate is still loaded.

 

these are the options i entered.

 

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [some-State]:NY

Locality Name (eg, city) []:NY

Organization Name (eg, company) [internet Widgits Pty Ltd]:pbx.domain.com

Organizational Unit Name (eg, section) []:pbx.domain.com

Common Name (eg, YOUR name) []:pbx.domain.com

Email Address []:mail@pbx.domain.com

 

the logfile does not mention anything.

[Vodia PBX]

Is there anything in the certificates directory?

[reco]

hi there,

 

it actually does work. the problem the ui does not say a singe thing about it.

 

 

how i generate it:

 

$ openssl genrsa -rand -rsa -out key.pem 1024 semi-random bytes loaded

$ openssl req -x509 -new -days 1095 -key key.pem -out cert.pem

 

- be sure to use rsa

- Common Name (eg, YOUR name) has to match the FQDN of the pbx

 

put both key and cert into textarea

save

 

if the log file days nothing it usually works i put in a ticket to give some visual feedback.

 

reco

[reco]

there is no certificates in my pbx working folder.

 

reco

[Vodia PBX]

there is no certificates in my pbx working folder.

[/quote

 

Thats not good. Something must have gone wrong with the import then. Are you using this format that starts with the --BEGIN stuff? There are many formats for certificates (and their associated private keys). If the PBX should serve the certificate, it of course also needs to have the associated private key.