Install Godaddy SSL certificate on Nginx, Verto, FusionPBX

arstech Leave a Comment

mod_verto

Verto (VER-to) RTC is a FreeSWITCH endpoint that implements a subset of a JSON-RPC connection designed for use over secure websockets.
This allows a web browser or other WebRTC client to originate a call using Verto into a FreeSWITCH installation and then out to the PSTN using SIP, SS7, or other supported protocol.

Install Godaddy SSL certificate on Nginx

Godaddy gives you the zip file, which contains 2 files: mysite.com.crt and gd_bundle.crt. You need to combine both files into one. And then copy to your certificates directory on server.

cat mysite.com.crt gd_bundle.crt > /etc/ssl/certs/combinedKey.crt
cp private.key /etc/ssl/private/privatekey.key

Edit Nginx configuration file nginx.conf:

server {
    listen          443;
    server_name     www.mysite.com;
    ssl                     on;
    ssl_certificate         /etc/ssl/certs/combinedKey.crt;
    ssl_certificate_key     /etc/ssl/private/privatekey.key;
    ...
}

 

Restart Nginx processes:

# /etc/init.d/nginx restart

 

Configure Verto

layout for /usr/local/freeswitch/certs/wss.pem:

-----BEGIN CERTIFICATE-----
<cert>
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
<key>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<chain>
-----END CERTIFICATE-----

 

So we need combine 2 files into one – wss.pem:

cat /etc/ssl/certs/combinedKey.crt /etc/ssl/private/privatekey.key > /usr/local/freeswitch/certs/wss.pem

Create mod_verto configuration file verto.conf.xml:
/usr/local/freeswitch/conf/autoload_configs/verto.conf.xml

<configuration name="verto.conf" description="HTML5 Verto Endpoint">
<settings>
<param name="debug" value="10"/>
<param name="enable-presence" value="false"/>
<param name="detach-timeout-sec" value="0"/>
</settings>
<profiles>
<profile name="mine">
<param name="bind-local" value="0.0.0.0:8081"/>
<param name="bind-local" value="0.0.0.0:8082" secure="true"/>
<param name="secure-combined" value="/usr/local/freeswitch/certs/wss.pem"/>
<param name="secure-chain" value="/usr/local/freeswitch/certs/wss.pem"/>
<param name="userauth" value="true"/>
<param name="context" value="public"/>
<param name="dialplan" value="XML"/>
<param name="mcast-ip" value="239.1.1.1"/>
<param name="mcast-port" value="1337"/>
<param name="local-network" value="localnet.auto"/>
<param name="apply-candidate-acl" value="wan.auto"/>
<param name="rtp-ip" value="${local_ip_v4}"/>
<!--  <param name="ext-rtp-ip" value=""/> -->
<param name="outbound-codec-string" value="opus,vp8"/>
<param name="inbound-codec-string" value="opus,vp8"/>
<param name="timer-name" value="soft"/>
</profile>
</profiles>
</configuration>

Reload mod_verto:

fs_cli -x 'reload mod_verto'

 

Test certificates:

openssl s_client -connect host.domain:443

 


arstech

More Posts

Leave a Reply