Import SSL Certificate

Status
Not open for further replies.
M

mikeonan

New Member
Apr 17, 2020
16
0
1
Nashville, TN
I want to import an SSL certificate instead of using Let's Encrypt but having a hard time finding documentation on steps. I think I can alter the SSL config in sites enabled for the web interface but what about Freeswitch? Any help would be greatly appreciated!
 
Adrian Fretwell

Adrian Fretwell

Well-Known Member
Aug 13, 2017
1,498
413
83
It is relatively straight forward, copy you certificate files onto your system by whatever means suits you, then check they have the correct permissions and copy them to the locations required, example script below:
Code: 
#!/bin/bash

# make sure we have the correct permissions
chown root:ssl-cert my.certificate-privkey.pem
chown root:root my.certificate-cert.pem
chown root:root my.certificate-chain.pem
chown root:root my.certificate-fullchain.pem
chmod 640 my.certificate-privkey.pem
chmod 644 my.certificate-cert.pem
chmod 644 my.certificate-chain.pem
chmod 644 my.certificate-fullchain.pem

# copy file for webserver
cp my.certificate-fullchain.pem /etc/ssl/certs/my.certificate-fullchain.pem
cp my.certificate-privkey.pem /etc/ssl/private/my.certificate-privkey.pem

systemctl restart nginx


#setup freeswitch tls

#make sure the freeswitch directory exists
mkdir -p /etc/freeswitch/tls

#make sure the freeswitch certificate directory is empty
rm /etc/freeswitch/tls/*

#combine the certs into all.pem
cat my.certificate-fullchain.pem > /etc/freeswitch/tls/all.pem
cat my.certificate-privkey.pem >> /etc/freeswitch/tls/all.pem

#copy the certificates - not required, but useful to know what is in all.pem
cp my.certificate-cert.pem /etc/freeswitch/tls/cert.pem
cp my.certificate-chain.pem /etc/freeswitch/tls/chain.pem
cp my.certificate-fullchain.pem /etc/freeswitch/tls/fullchain.pem
cp my.certificate-privkey.pem /etc/freeswitch/tls/privkey.pem

#add symbolic links
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem

#set the permissions
chown -R www-data:www-data /etc/freeswitch/tls

fs_cli -x "reload mod_sofia"
 
  • Like
Reactions: johnnyorange, etsiot, KonradSC and 1 other person
M

mikeonan

New Member
Apr 17, 2020
16
0
1
Nashville, TN
Adrian Fretwell said:
It is relatively straight forward, copy you certificate files onto your system by whatever means suits you, then check they have the correct permissions and copy them to the locations required, example script below:
Code: 
#!/bin/bash

# make sure we have the correct permissions
chown root:ssl-cert my.certificate-privkey.pem
chown root:root my.certificate-cert.pem
chown root:root my.certificate-chain.pem
chown root:root my.certificate-fullchain.pem
chmod 640 my.certificate-privkey.pem
chmod 644 my.certificate-cert.pem
chmod 644 my.certificate-chain.pem
chmod 644 my.certificate-fullchain.pem

# copy file for webserver
cp my.certificate-fullchain.pem /etc/ssl/certs/my.certificate-fullchain.pem
cp my.certificate-privkey.pem /etc/ssl/private/my.certificate-privkey.pem

systemctl restart nginx


#setup freeswitch tls

#make sure the freeswitch directory exists
mkdir -p /etc/freeswitch/tls

#make sure the freeswitch certificate directory is empty
rm /etc/freeswitch/tls/*

#combine the certs into all.pem
cat my.certificate-fullchain.pem > /etc/freeswitch/tls/all.pem
cat my.certificate-privkey.pem >> /etc/freeswitch/tls/all.pem

#copy the certificates - not required, but useful to know what is in all.pem
cp my.certificate-cert.pem /etc/freeswitch/tls/cert.pem
cp my.certificate-chain.pem /etc/freeswitch/tls/chain.pem
cp my.certificate-fullchain.pem /etc/freeswitch/tls/fullchain.pem
cp my.certificate-privkey.pem /etc/freeswitch/tls/privkey.pem

#add symbolic links
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem

#set the permissions
chown -R www-data:www-data /etc/freeswitch/tls

fs_cli -x "reload mod_sofia"
Click to expand...
Thank you for the reply!
 
Status
Not open for further replies.
Top Bottom