I've built up a working FreeSwitch box and can make internal calls on desktops using ws connections. Later on, I configured the box to use SSL with certificates issued by Let's Encrypt. The SSL certificates validate fine at https://www.sslshopper.com/ssl-checker.htm, and an https:// connection in Chrome shows a good lock sign.
Then I changed my code from ws to wss (see below; the public IP address is masked), but got 'net::ERR_CERT_COMMON_NAME_INVALID' errors in Chrome.
```html
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>sipjs-webphone</title>
  <script src="./sip-0.15.1.min.js"></script>
  <script>
    var config = {
      uri: '[email protected]',
      transportOptions: { wsServers: ['wss://1xx.xxx.xxx.xxx:7443'] },
      authorizationUser: '1000',
      password: '1234'
    };
    var ua = new SIP.UA(config);
    ua.on("connected", function() {
      console.log("Connected!");
    });
  </script>
</head>
<body>
</body>
</html>
```
Btw, I already tried changing the following 2 places:
1) Appended to or replaced /etc/freeswitch/tls/wss.pem with the valid certs/keys from Let's Encrypt, no joy.
```
echo '' >> /usr/local/freeswitch/certs/wss.pem && cat cert.pem >> /usr/local/freeswitch/certs/wss.pem && cat privkey.pem >> /usr/local/freeswitch/certs/wss.pem && cat chain.pem >> /usr/local/freeswitch/certs/wss.pem
```
2) Created wss.pem in /usr/local/freeswitch/certs (this directory does not exist if installed via 'apt install freeswitch' rather than by compiling the source code), but still no joy.
You can create symbolic links from the Let's Encrypt certificate to /etc/freeswitch/tls/wss.key and /etc/freeswitch/tls/wss.crt.
If wss.key and wss.crt exist, then FreeSwitch does not use the wss.pem file.
If FreeSwitch was built from source with the default keys, then change the /etc/freeswitch folder to your location.
For information: FreeSwitch installed from packages uses /etc/freeswitch, not /usr/local/freeswitch.
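
An added example, not part of the original question or answer: Chrome reports net::ERR_CERT_COMMON_NAME_INVALID when the host in the URL is not covered by the certificate's subjectAltName entries, so this check compares a wss:// URL against a SAN list. The function names, the host names and the address 203.0.113.10 are constructed for illustration.

```javascript
// Added example: decide whether a certificate's subjectAltName entries cover
// the host in a wss:// URL, the check whose failure Chrome reports as
// net::ERR_CERT_COMMON_NAME_INVALID. All hosts and names below are constructed.

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[');
}

// A wildcard dNSName covers exactly one left-most label: *.example.com matches
// sip.example.com but neither example.com nor a.b.example.com.
function dnsNameMatches(pattern, host) {
  pattern = pattern.toLowerCase();
  host = host.toLowerCase();
  if (!pattern.startsWith('*.')) return pattern === host;
  const dot = host.indexOf('.');
  return dot > 0 && host.slice(dot) === pattern.slice(1);
}

// sans: { dns: [...], ip: [...] } as listed in the certificate's SAN extension.
function checkWssUrl(wsUrl, sans) {
  const host = new URL(wsUrl).hostname;
  if (isIpLiteral(host)) {
    const ip = host.replace(/^\[|\]$/g, '');
    // An IP literal is compared only against iPAddress entries, never dNSName.
    return (sans.ip || []).includes(ip)
      ? { ok: true, host }
      : { ok: false, host, reason: 'IP literal not in iPAddress SANs' };
  }
  return (sans.dns || []).some((p) => dnsNameMatches(p, host))
    ? { ok: true, host }
    : { ok: false, host, reason: 'host name not in dNSName SANs' };
}

// Constructed SAN list for a certificate issued to DNS names only.
const sampleSans = { dns: ['pbx.example.com', '*.voip.example.com'], ip: [] };

for (const url of [
  'wss://203.0.113.10:7443',         // address form, as in wsServers above
  'wss://pbx.example.com:7443',      // name form
  'wss://a.voip.example.com:7443',   // wildcard, one label
  'wss://a.b.voip.example.com:7443', // wildcard, two labels
]) {
  const r = checkWssUrl(url, sampleSans);
  console.log(url, r.ok ? 'OK' : 'MISMATCH: ' + r.reason);
}
```

The SAN list of a real certificate can be read with `openssl x509 -in cert.pem -noout -text` and passed in the same shape.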