[asterisk-users] Calendar: cert mismatch

Phil Daws uxbod at splatnix.net
Tue Feb 26 03:37:38 CST 2013


Agreed. Local CA is probably the best route to take, and the most manageable, so will look at doing that. Thank you.

----- Original Message -----
From: "James Cloos" <cloos at jhcloos.com>
To: "Phil Daws" <uxbod at splatnix.net>
Cc: chris at acsdi.com, "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
Sent: Tuesday, 26 February, 2013 12:45:46 AM
Subject: Re: [asterisk-users] Calendar: cert mismatch

>>>>> "PD" == Phil Daws <uxbod at splatnix.net> writes:

PD> It does generate a validity warning, as its self-signed, though I have
PD> added it to the PBX ca-bundle.crt.  Am I right in assuming that
PD> Asterisk will use the default OpenSSL paths for where certificates are
PD> stored ?

The error said that the hostname in the uri does not match (any of) the
hostname(s) in the cert.

Does the self-signed cert have the hostname in either the CN or in (any
of) the dnsName(s) in the subjectAltName section?

It might work better if you created a local CA and used that to sign an
end-entity cert for each server which needs one.  Then add that CA cert
to the bundle.  Recent versions of tls (claim to have) deprecated the
idea of using self-signed certs for anything other than root ca certs,
but you can always create your own CA.

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6



More information about the asterisk-users mailing list