Freeswitch TLS (Fusionpbx)
by glennbtn from LinuxQuestions.org on (#6FA4N)
Hi All
Hoping someone can help me here as I can't seem to get an answer anywhere and hoping some of you guys use freeswitch.
I am trying to get TLS up and running on a multi domain server. The server has a valid DigiCert commercial wildcard certificate up and running in Nginx which works fine.
I have done the following to get it up and running in the TLS folder, which I originally believed to be correct
Code:
cat /etc/ssl/certs/ssl.crt > /etc/freeswitch/tls/all.pem
cat /etc/ssl/private/mykey.key >> /etc/freeswitch/tls/all.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
chown -R www-data:www-data /etc/freeswitch/tls
This is actually FusionPBX, so to get up and running I have changed variable internal_ssl_enable to true as we only use the internal profile with access via approved IP addresses.
When I try to get it up and running by stopping and restarting the internal profile, though, I get the following error in fs_cli:
[ERR] sofia.c:3311 Error Creating SIP UA for profile: internal (sip:mod_sofia@ipaddress:5060;maddr=ipaddress;transport=udp,tcp). Bad WSS.PEM certificate.
These are the instructions for using Let's Encrypt, which work, so who knows what I am doing wrong here
Code:
#combine the certs into all.pem
cat /etc/ssl/certs/ssl.crt > /etc/freeswitch/tls/all.pem
cat /etc/ssl/private/vostel.key >> /etc/freeswitch/tls/all.pem
#copy the certificates
cp /etc/ssl/certs/ssl.crt /etc/freeswitch/tls/cert.pem
cp /etc/ssl/private/vostel.key /etc/freeswitch/tls/privkey.pem
#add symbolic links
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
#set the permissions
chown -R www-data:www-data /etc/freeswitch/tls
# Update Internal profile
internal_ssl_dir > /etc/freeswitch/tls
and enable
Can anyone advise please where I am going wrong
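A pre-flight check for a combined bundle such as all.pem, added here as an example; it is not part of the original post or of the FusionPBX instructions. It assumes openssl is installed, and the function names, file names and sample CN are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a combined
# certificate + private key bundle such as /etc/freeswitch/tls/all.pem.
# Returns 0 if the bundle parses and the key matches the first certificate.
check_pem_bundle() {
    _pem=$1; _rc=0; _cr=$(printf '\r')
    [ -r "$_pem" ] || { echo "FAIL: $_pem is not readable"; return 1; }

    # If the certificate file has no trailing newline, `cat crt > all.pem;
    # cat key >> all.pem` fuses the END and BEGIN markers onto one line.
    if grep -q -e '-----END [A-Z ]*-----.*-----BEGIN' "$_pem"; then
        echo "FAIL: END/BEGIN markers share a line (missing newline)"; _rc=1
    fi
    grep -q -e '-----BEGIN CERTIFICATE-----' "$_pem" ||
        { echo "FAIL: no CERTIFICATE block"; _rc=1; }
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$_pem" ||
        { echo "FAIL: no PRIVATE KEY block"; _rc=1; }
    if grep -q "$_cr" "$_pem"; then echo "WARN: CRLF line endings"; fi
    if [ -n "$(find -L "$_pem" -perm -004 2>/dev/null)" ]; then
        echo "WARN: bundle holds a private key but is world-readable"
    fi
    [ "$_rc" -eq 0 ] || return 1

    # Public key of the first certificate vs. public key derived from the key.
    _cpub=$(openssl x509 -in "$_pem" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: certificate does not parse"; return 1; }
    _kpub=$(openssl pkey -in "$_pem" -pubout 2>/dev/null) ||
        { echo "FAIL: private key does not parse"; return 1; }
    [ "$_cpub" = "$_kpub" ] ||
        { echo "FAIL: private key does not match certificate"; return 1; }
    echo "OK: $_pem"
}

# Constructed sample input: a throwaway self-signed pair in directory $1,
# combined the same way as in the post. Names and CN are placeholders.
make_sample_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pbx.example.invalid" \
        -keyout "$1/key.pem" -out "$1/crt.pem" 2>/dev/null
    cat "$1/crt.pem" > "$1/all.pem"
    cat "$1/key.pem" >> "$1/all.pem"
}

# Usage: sh check_pem.sh /etc/freeswitch/tls/all.pem
if [ $# -gt 0 ]; then check_pem_bundle "$1"; fi
```

The check only validates the file itself; it does not inspect the FreeSWITCH profile settings or the intermediate chain.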