reco Posted April 7, 2010 Report Share Posted April 7, 2010 i am trying to install a 1024bit certificate but all i get in the log is: [5] 20100407143823: Error reading certificate file: Loading defaults this is how i created my csr openssl req -new -nodes -keyout host.key -out host.csr Quote Link to comment Share on other sites More sharing options...
reco Posted April 7, 2010 Author Report Share Posted April 7, 2010 i also tried to only generate a 512 key openssl req \ -x509 -nodes -days 365 \ -newkey rsa:512 -keyout host.pem -out host.pem i copy the certificate part only and paste it into the certificate text area in the web admin. after save the log output: [5] 20100407153234: Error reading certificate file: Loading defaults pbx version 3.4.0.3201 (Darwin) Quote Link to comment Share on other sites More sharing options...
reco Posted April 7, 2010 Author Report Share Posted April 7, 2010 i got this to work thanx to the old good wiki http://support.pbxnsip.com/index.php/Loadi...f_a_Certificate Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted April 8, 2010 Report Share Posted April 8, 2010 i got this to work thanx to the old good wiki http://support.pbxnsip.com/index.php/Loadi...f_a_Certificate Unfortunately, certificates are very complicated... Yea, the good old Wiki! I still don't understand why we had to turn it off. Quote Link to comment Share on other sites More sharing options...
Guest catalina Posted June 28, 2010 Report Share Posted June 28, 2010 Hi I read the same article but it didn't work. The server keeps using the default certificate. Could you please explain how you did it? Thanks i got this to work thanx to the old good wiki http://support.pbxnsip.com/index.php/Loadi...f_a_Certificate Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted June 29, 2010 Report Share Posted June 29, 2010 I read the same article but it didn't work. The server keeps using the default certificate. Could you please explain how you did it? In version 4, things have changed a little bit. The certificate can now be linked to a specific domain (see RFC3546), therefore you can import the certificate as a "global" certificate or a "domain" certificate. The domain name in the certificate must match the name in the PBX; otherwise clients that chech the cert will reject it. Quote Link to comment Share on other sites More sharing options...
Guest catalina Posted July 1, 2010 Report Share Posted July 1, 2010 I have version 4.0.0.3343. Does the wiki article no longer apply in this case? If so, any idea where I can find the new documentation? My problem is not that the certificate is not accepted by the client. I am directing my browser to the pbxnsip https page and I can see the certificate details. This is where I see that the default pbxnsip certificate is still used instead of the uploaded one. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted July 7, 2010 Report Share Posted July 7, 2010 I have version 4.0.0.3343. Does the wiki article no longer apply in this case? If so, any idea where I can find the new documentation?My problem is not that the certificate is not accepted by the client. I am directing my browser to the pbxnsip https page and I can see the certificate details. This is where I see that the default pbxnsip certificate is still used instead of the uploaded one. 4.0.1.3499 is the current stable release, see http://www.pbxnsip.com/download-software/software.php. I believe the version that you are running is not the latest with the certificates. Quote Link to comment Share on other sites More sharing options...
Guest catalina Posted July 14, 2010 Report Share Posted July 14, 2010 OK, it worked with version 4.0.1.3499. Thanks! In case anybody else would like to know, here is how I generated the keys: openssl genrsa -rand -des -out key.pem 1024 openssl req -x509 -new -days 365 -key key.pem -out cert.pem Then I used: - the content of cert.pem as Certificate - the content of key.pem as Private Key Quote Link to comment Share on other sites More sharing options...
reco Posted August 7, 2010 Author Report Share Posted August 7, 2010 hmm back to the game i am on 4.2.0.3899 (Darwin) how i generate it: $:~/pbx.domain.com $ openssl genrsa -rand -des -out key.pem 512 semi-random bytes loaded $:~/pbx.domain.com $ openssl req -x509 -new -days 365 -key key.pem -out cert.pem copy paste into admin/certificates after save still default (with or without default option checked) certificate textareas still empty. checking with firefox confirms that the default.pbxnsip.com certificate is still loaded. these are the options i entered. Country Name (2 letter code) [AU]:US State or Province Name (full name) [some-State]:NY Locality Name (eg, city) []:NY Organization Name (eg, company) [internet Widgits Pty Ltd]:pbx.domain.com Organizational Unit Name (eg, section) []:pbx.domain.com Common Name (eg, YOUR name) []:pbx.domain.com Email Address []:mail@pbx.domain.com the logfile does not mention anything. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted August 9, 2010 Report Share Posted August 9, 2010 Is there anything in the certificates directory? Quote Link to comment Share on other sites More sharing options...
reco Posted August 12, 2010 Author Report Share Posted August 12, 2010 hi there, it actually does work. the problem the ui does not say a singe thing about it. how i generate it: $ openssl genrsa -rand -rsa -out key.pem 1024 semi-random bytes loaded $ openssl req -x509 -new -days 1095 -key key.pem -out cert.pem - be sure to use rsa - Common Name (eg, YOUR name) has to match the FQDN of the pbx put both key and cert into textarea save if the log file days nothing it usually works i put in a ticket to give some visual feedback. reco Quote Link to comment Share on other sites More sharing options...
reco Posted August 12, 2010 Author Report Share Posted August 12, 2010 there is no certificates in my pbx working folder. reco Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted August 15, 2010 Report Share Posted August 15, 2010 there is no certificates in my pbx working folder. [/quote Thats not good. Something must have gone wrong with the import then. Are you using this format that starts with the --BEGIN stuff? There are many formats for certificates (and their associated private keys). If the PBX should serve the certificate, it of course also needs to have the associated private key. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.