jartiili Posted March 7, 2008 Report Posted March 7, 2008 I try to make TLS session whit Eyebeam softphone, but pbxnsip server (WIN XP version) disconnect handshake after client key exchange packet. It send Server cerificate corretly I install server ceritficate and private key whit PEM format. Server side log do not have any errors only "SIP port accept from <IP address>" message. Any idea what goes wrong? Quote
Vodia PBX Posted March 7, 2008 Report Posted March 7, 2008 I try to make TLS session whit Eyebeam softphone, but pbxnsip server (WIN XP version)disconnect handshake after client key exchange packet. It send Server cerificate corretly I install server ceritficate and private key whit PEM format. Server side log do not have any errors only "SIP port accept from <IP address>" message. Any idea what goes wrong? The eyebeam is strict with the certificates. You can test if the eyebeam would accept it by doing to the PBX web interface with the Internet Explorer and see if it complains about certificates. You may have to import the root certificate into Explorer. If Explorer does not complain any more, then give it another try with eyebeam. Quote
jartiili Posted March 14, 2008 Author Report Posted March 14, 2008 The eyebeam is strict with the certificates. You can test if the eyebeam would accept it by doing to the PBX web interface with the Internet Explorer and see if it complains about certificates. You may have to import the root certificate into Explorer. If Explorer does not complain any more, then give it another try with eyebeam. Problem seem to be PBX, it send alert and disconnect when cliet send key exchage packet pbx certificate seem to be ok, server hello have correct certificate included and client accep it. Quote
Vodia PBX Posted March 14, 2008 Report Posted March 14, 2008 Hmm. Are you using a client certificate? Maybe it makes sense to have a Wireshark of it... Quote
intParse (Medisys) Posted October 9, 2008 Report Posted October 9, 2008 How do you add the root certificates for pbxnsip? IE complained about certificate being not valid and when I look at the certificate details in the General tab, the validation date shows "Valid from 7/1/2005 to 7/1/2006". How can I extend this validation period for the certificate? ---- Certificate window General Tab --- Certificate Information This certificate cannot be verified up to a trusted certification authority. Issued to: localhost Issued by: Product Development Valid from 7/1/2005 to 7/1/2006 ---- END ---- PBXnSIP is set to propose secure connection. SNOM 360s work just fine. eyeBeam version 1.5.19.2 Build 49847 can register, make calls but can't receive calls. SIP log has the following output; "SIP/2.0 415 No secure channel available for encrypted call" Do you think it is the certificate? if so how can I extend the validation period? Thanks, The eyebeam is strict with the certificates. You can test if the eyebeam would accept it by doing to the PBX web interface with the Internet Explorer and see if it complains about certificates. You may have to import the root certificate into Explorer. If Explorer does not complain any more, then give it another try with eyebeam. Quote
intParse (Medisys) Posted October 9, 2008 Report Posted October 9, 2008 OK, I've found this http://wiki.pbxnsip.com/index.php/Getting_...lid_Certificate but I don't think this would help, right? Quote
Vodia PBX Posted October 9, 2008 Report Posted October 9, 2008 OK, I've found this http://wiki.pbxnsip.com/index.php/Getting_...lid_Certificate but I don't think this would help, right? Well, counterpath is strict with the certificates. As a rule of thumb, your Web browser must be able to go to the web server of the PBX (using https), without complaining. You can do that by importing e.g. the cacert.org root certificate into the Internet Explorer. I did that some time ago and then the counterpath softphone worked fine. Quote
intParse (Medisys) Posted October 10, 2008 Report Posted October 10, 2008 Thanks for your reply. I've solved the problem but forgot to write it here. The previous posts and the wiki link definitely helped. I've followed a similar way as you've suggested; instead of cacert.org root certificate, I've created a personal/test CA cert using the openSSL and copied the Certificate and RSA key to the PBXnSIP page. After that I had to add the CA cert to my "Trusted Root Certification Authorities" via IE. This was just a test to get eyeBeam working with TLS/SRTP. Our client has agreed to get a signed CA Cert from a Certificate Authority (Verisign, Thawtee etc). Thanks again for your help. Well, counterpath is strict with the certificates. As a rule of thumb, your Web browser must be able to go to the web server of the PBX (using https), without complaining. You can do that by importing e.g. the cacert.org root certificate into the Internet Explorer. I did that some time ago and then the counterpath softphone worked fine. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.