Update Web SSL Certs Via Command Line?


Gerald Drouillard

Oct 15, 2019, 9:27:09 AM
to sipxcom-users
Anybody have a way to update ssl certs for apache and make them stick?  After replacing the files in /etc/httpd/conf.d/ssl and doing a httpd reload everything is fine.  There seems to be a maint process that eventually runs in sipx and sets them back to something that was configured via the web.  Probably the /etc/sipxpbx/ssl/ssl-web.keystore
In the 4.x versions of sipx there was a script to update the certs via the command line, but that does not exist anymore.
I am getting the new ssl certs via letsencrypt and would like to automate this a little.

Mircea Carasel

Oct 15, 2019, 9:30:23 AM
to Gerald Drouillard, sipxcom-users
Hi,

You have to use the Admin UI to update certificates. If you manually put them in httpd, cfengine will automatically overwrite them with the ones saved in the system.
System/Security/Certificates/Web Certificate tab

Mircea

--
You received this message because you are subscribed to the Google Groups "sipxcom-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sipxcom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sipxcom-users/d35953f8-8e0a-409b-990c-d84c5db3d8d0%40googlegroups.com.

Ari Sonesh

Oct 15, 2019, 9:47:49 AM
to Mircea Carasel, Gerald Drouillard, sipxcom-users
Is there a way to update the SSL certificate saved in the system via a command line?



Mircea Carasel

Oct 15, 2019, 9:59:49 AM
to Ari Sonesh, Gerald Drouillard, sipxcom-users
On Tue, Oct 15, 2019 at 4:47 PM Ari Sonesh <aso...@gmail.com> wrote:
> Is there a way to update the SSL certificate saved in the system via a command line

No, the files are generated via the sipXconfig web app and copied to Apache httpd via cfengine.

Mircea

Gerald Drouillard

Oct 15, 2019, 10:40:51 AM
to sipxcom-users
Can anybody validate that, according to the source code, it seems like
the cert is saved into the ssl-web.keystore? Would that be what
cfengine is using to sync to httpd?

It may even be worth it for a single server install to have httpd work
with an option like DNS, DHCP and firewall to be manually configured.

Michael Picher

Oct 15, 2019, 10:41:55 AM
to Mircea Carasel, Ari Sonesh, Gerald Drouillard, sipxcom-users
FYI, we are working on Let's Encrypt integration for version 19.12.

Michael Picher, VP of Product Management
eZuce, Inc.

5 Central Street, Suite 302

Stoneham, MA. 02180



Mircea Carasel

Oct 15, 2019, 10:48:57 AM
to Gerald Drouillard, sipxcom-users
No, that is the web keystore, meaning the web certificate plus the private key.

The web cert is ssl-web.crt

Mircea


Gerald Drouillard

Oct 15, 2019, 10:49:26 AM
to sipxcom-users
That may give me the "hooks" I need then. (fingers crossed) We run
our sipx behind a proxy for offsite access for security purposes, so
they have the main web server "share" an ssl cert with the sipx server.
The main web server is responsible for updating the letsencrypt cert,
which is then passed down to the sipx server.
--
Regards
--------------------------------------
Gerald Drouillard

Gerald Drouillard

Oct 15, 2019, 10:54:51 AM
to sipxcom-users
On Tue, Oct 15, 2019 at 10:48 AM Mircea Carasel <mir...@ezuce.com> wrote:
>
> No, that is the web keystore, meaning the web certificate plus the private key.
>
> The web cert is ssl-web.crt

The only place that file exists is in the /etc/httpd/conf.d/ssl
directory and it gets overwritten with the old cert that was initially
installed via the admin web interface. So it must have an "original"
somewhere?

Mircea Carasel

Oct 15, 2019, 11:27:14 AM
to Gerald Drouillard, sipxcom-users


> The only place that file exists is in the /etc/httpd/conf.d/ssl
> directory and it gets overwritten with the old cert that was initially
> installed via the admin web interface. So it must have an "original"
> somewhere?

Look into /var/sipxdata/cfdata/1/ssl-web.crt

Mircea
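
Added example, not part of the thread and not sipXcom code: a check for the situation discussed above, where a certificate replaced by hand under /etc/httpd/conf.d/ssl is later overwritten. It compares the SHA-256 fingerprint of the certificate file httpd loads with the copy under /var/sipxdata/cfdata/1 named in the last reply; treating that copy as the one cfengine syncs from is an assumption drawn from the thread, and the function names are illustrative.

```python
import hashlib
import re
import ssl
from pathlib import Path

# Paths taken from the thread. That cfengine restores httpd's file from the
# copy under cfdata is an assumption based on the replies above.
HTTPD_CERT = Path("/etc/httpd/conf.d/ssl/ssl-web.crt")
STORED_CERT = Path("/var/sipxdata/cfdata/1/ssl-web.crt")

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def leaf_fingerprint(pem_text):
    """SHA-256 over the DER bytes of the first certificate in a PEM file.

    Hashing the decoded DER ignores line endings, leading text and any
    intermediate certificates appended after the leaf.
    """
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def check_drift(httpd_pem, stored_pem):
    """Return (differs, httpd_fingerprint, stored_fingerprint)."""
    httpd_fp = leaf_fingerprint(httpd_pem)
    stored_fp = leaf_fingerprint(stored_pem)
    return httpd_fp != stored_fp, httpd_fp, stored_fp


if __name__ == "__main__":
    differs, live, stored = check_drift(
        HTTPD_CERT.read_text(), STORED_CERT.read_text()
    )
    print("httpd :", live)
    print("stored:", stored)
    if differs:
        print("MISMATCH: httpd's certificate differs from the stored copy "
              "and is likely to be overwritten on the next sync")
    raise SystemExit(1 if differs else 0)
```

Run from cron or a monitoring check after a renewal, a non-zero exit flags that the certificate on disk for httpd is not the one held in the stored copy.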

