Hi Daniel,

Thank you very much for your responses! At least I only wasted 5 hours on the chained certificate issue. I have some responses / questions below.

>> The certificate is a GeoTrust Rapid SSL certificate. I have received
>> my server specific crt file and also an intermediate certificate.
>
> Intermediate certificates work for some user agents (e.g. my Polycom).
> There has been speculation that they won't work with some older UAs
>
> Ultimately, most of the budget priced certificates are signed with an
> intermediate cert, and OpenSSL supports it, so there is no reason
> Asterisk shouldn't support this.
>

You asked a question as to what people have experience with. When I googled, the only response I found was this one which said Comodo didn't work with Microsoft: http://pbxinaflash.com/forum/showthread.php?t=11001

I quickly did a search using SSL shopper when I wanted to purchase a "real" certificate and they said all 8 certificates they had on record for a single domain were chained. I think this is a new requirement of 256 bit encryption so as you pointed out (and if I read the Rapid SSL page properly), we aren't going to get away from it.

> Yes, in the correct order
>
> Currently, Asterisk expects the key and cert together in the same file:
> I think that is bad, but that is the way it is:
>
> https://issues.asterisk.org/jira/browse/ASTERISK-19267

I will give this a shot later on tonight...

>> * And, is it necessary to use both my server specific certificate and
>> the intermediate certificate on the telephones or will the telephones
>> only require the server specific certificate?
>
> The phones should already have the root certificate for GeoTrust, you
> should not deploy intermediate roots into the phones if you can avoid it

If I understand this correctly (and the other emails you sent), the Polycom does not need any preloaded certificates / keys, it will ask the CA and then evaluate the certificate provided by Asterisk during TLS setup; is that correct?

Kind Regards
Stuart
