[Blink] Blink not recognizing private CA certificate
Saúl Ibarra Corretgé
saul at ag-projects.com
Tue Dec 2 11:40:13 CET 2014
Hi Ben,
Sorry for the delay, this got lost in my inbox :-S
On 10 Nov 2014, at 00:20, Ben Klang <bklang at mojolingo.com> wrote:
> Hello all,
>
> I’m trying to figure out where Blink’s CA certificate store is. I’m using Blink Pro on OS X (Yosemite). I’ve imported my CA certificate into both my Login and System keychains and set it to trusted. Safari validates the certificate fine. But when I try to connect to my Asterisk 13 instance secured with TLS, I get the error “503 SSL certificate verification error (PJSIP_TLS_ECERTVERIF)”. Disabling the certificate check in the Advanced section makes the registration work. What am I missing?
>
Currently Blink has the limitation that it can only use one set of TLS settings, that is, certificate + key and CA bundle. All of them are required to get the TLS transport working and Blink comes with a bundled CA cert (a dummy one). There is no setting for it because we have some internal fixes to do before we can make it actually useful.
You could replace /Applications/Blink\ Pro.app/Contents/Resources/ca.crt with your own CA bundle, but I guess OSX would complain about signatures…
TLDR: right now it’s not really possible to do server verification.
Cheers,
--
Saúl Ibarra Corretgé
AG Projects
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.ag-projects.com/pipermail/blink/attachments/20141202/71e9f618/attachment.pgp>
More information about the Blink
mailing list